Products & Services
Products & Services
The OWASP Top 10 – How Akamai Helps
OWASP publishes a list of the 10 most common vulnerabilities in web applications. This white paper details how Akamai can help mitigate these threat vectors. The post appeared first on .
Gartner: How to Respond to the 2022 Cyberthreat Landscape
A new Gartner® report, How to Respond to the 2022 Cyberthreat Landscape, focuses on the new threats organizations will face as they prepare for the future of work and accelerate digital transformations. Gartner’s advice will help security and risk manage
Gartner MQ WAAP 2022
Research shows that web applications and API attacks continued to explode in the first half of 2022. Does your organization have the best defense today? Akamai recommends deploying a holistic web application and API protection (WAAP) solution. The right
How Akamai Helps to Mitigate the OWASP API Security Top 10 Vulnerabilities
Experts warn that API attacks will soon become the most common type of web application attack. As a result, organizations and their security vendors need to align across people, processes, and technologies to institute the right protections. The Open Web
What is Account Takeover and How to Prevent It in 2022
An account takeover (ATO), in which criminals impersonate legitimate account owners to take control of an account, are on the rise in Asia and across the world. Fraudsters are swindling money and digital assets from consumers across industries, with the
New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that
Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter known as Invisible Bod
7 Cyber Security Tips for SMBs
When the headlines focus on breaches of large enterprises like the Optus breach, it’s easy for smaller businesses to think they’re not a target for hackers. Surely, they’re not worth the time or effort? Unfortunately, when it comes to cyber security, s
Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data
Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement agains
Ransomware Gang Takes Credit for Maple Leaf Foods Hack
The Black Basta ransomware group has taken credit for the recently disclosed attack on Canadian meat giant Maple Leaf Foods.
Vulnerability in Acer Laptops Allows Attackers to Disable Secure Boot
A vulnerability impacting multiple Acer laptop models could allow an attacker to disable the Secure Boot feature and bypass security protections to install malware.
Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability
Security researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical vulnerability in Fortinet products.
Oracle Fusion Middleware Vulnerability Exploited in the Wild
The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday warned organizations that a critical Oracle Fusion Middleware vulnerability patched in early 2022 is being exploited in attacks.
How to secure your email via encryption, password management and more
From emailing vendors to communicating with team members, serious business happens in the inbox. That's why it's critical to secure it. These TechRepublic Premium resources can help. The post appeared first on .
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked
Census Bureau Chief Defends New Privacy Tool Against Critics
Report says Census Bureau failed to stop simulated cyberattacks conducted under an operation to test for vulnerabilities
Password management policy
Password-driven security may not be the perfect solution, but the alternatives haven’t gained much traction. This policy defines best practices that will make password protection as strong and manageable as possible. From the policy: Employee passwords a
Best IT asset management software of 2022
An asset management software is a necessary part of every IT department. Find out which one is best for your business. The post appeared first on .
Virginia County Confirms Personal Information Stolen in Ransomware Attack
Southampton County in Virginia last week started informing individuals that their personal information might have been compromised in a ransomware attack. The incident was identified in September, when a threat actor accessed a server at Southampton and
Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a
The 5 Cornerstones for an Effective Cyber Security Awareness Training
It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sen
Project Zero Flags 'Patch Gap' Problems on Android
Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to be tardy at delivering security fixes to Android-powered devices.
Top cybersecurity threats for 2023
Next year, cybercriminals will be as busy as ever. Are IT departments ready? The post appeared first on .
Irish Regulator Fines Meta 265 Million Euros Over Data Breach
Ireland's data regulator on Monday slapped Facebook owner Meta with a 265-million-euro ($275-million) fine after details of more than half a billion users were leaked on a hacking website.
Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks
Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service pro
AWS re:Invent 2022: Partners on parade
There's news from Amazon Web Services' Las Vegas show as a flurry of partnerships and edge computing initiatives have been revealed. The post appeared first on .
RansomBoggs: New ransomware targeting Ukraine
ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm's fingerprints all over it The post appeared first on
Hack-for-Hire Group Targets Android Users With Malicious VPN Apps
A hack-for-hire group known as Bahamut has been targeting Android users with trojanized versions of legitimate VPN applications, ESET reports.
Crackdown on African Cybercrime Leads to Arrests, Infrastructure Takedown
Interpol on Friday announced the arrest of ten individuals suspected of participation in $800,000 scam and fraud operations with global impact.
Twitter Data Breach Bigger Than Initially Reported
A massive Twitter data breach disclosed a few months ago appears to be bigger than initially reported.
Cisco ISE Vulnerabilities Can Be Chained in One-Click Exploit
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow remote attackers to inject arbitrary commands, bypass existing security protections, or perform cross-site scripting (XSS) attacks.
Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages
Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalitie
Top 5 confidential computing uses in healthcare
Big data meets private data in a perfect storm for healthcare. Confidential computing providers say they’ll make the cloud safer for medical data. The post appeared first on .
Google Patches Eighth Chrome Zero-Day of 2022
An emergency Chrome update that Google announced on Thanksgiving Day addresses an actively exploited zero-day in the popular browser.
The Cybersecurity Industry is Broken
The security industry must transform. Tom Corn, Senior Vice President, Security Products at VMware, knows where to begin. Cloud can be the root of our solution rather than our problem if we seek ways to leverage its unique properties to secure applicatio
Security At The Forefront: A Spotlight On Zero Trust
VMware commissioned Forrester Consulting to evaluate how organizations are working to ensure a strong security posture via Zero Trust. Forrester conducted a survey with 1,475 respondents and five interviews with IT, security, and development managers and
How CIOs Should Think About Blockchain
From a security standpoint, blockchain represents an opportunity to reinforce the foundation of your business, but it’s important to look at the big picture when it comes to implementation. If you hang on to your current systems, but with a blockchain at
CIO Essential Guidance: CISO Security Threat landscape
Despite massive spend to protect enterprise digital assets, security breaches are still on the rise. The disconnect between the level of investment and the volume and impact of attacks is largely attributed to outdated approaches that favor perimeter pro
All You Need to Know About Emotet in 2022
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet
U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk
The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat. All these Chinese telecom and v
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations
Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the at
US Bans Huawei, ZTE Telecoms Gear Over Security Risk
US authorities announced a ban Friday on the import or sale of communications equipment deemed "an unacceptable risk to national security" -- including gear from Chinese giants Huawei Technologies and ZTE.
Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of
Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka EDK, is an open source implementation
Spyware posing as VPN apps – Week in security with Tony Anscombe
The Bahamut APT group distributes at least eight malicious apps that pilfer victims' data and monitor their messages and conversations The post appeared first on
U.K. Police Arrest 142 in Global Crackdown on 'iSpoof' Phone Spoofing Service
A coordinated law enforcement effort has dismantled an online phone number spoofing service called iSpoof and arrested 142 individuals linked to the operation. The websites, ispoof[.]me and ispoof[.]cc, allowed the crooks to "impersonate trusted corpora
TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project. The post appeared first on .
Know your payment options: How to shop and pay safely this holiday season
'Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals The post appeared first on
Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation
Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between Ju
New RansomExx Ransomware Variant Rewritten in the Rust Programming Language
The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor
Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm address
Boost Your Security with Europe's Leading Bug Bounty Platform
As 2022 comes to an end, now's the time to level up your bug bounty program with Intigriti. Are you experiencing slow bug bounty lead times, gaps in security skills, or low-quality reports from researchers? Intigriti's expert triage team and global comm
Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 20
14 PCI Compliance security best practices for your business
Looking for more information on PCI Compliance security? Read 14 security best practices for PCI (Payment Card Industry) Compliance with our guide. The post appeared first on .
This Android File Manager App Infected Thousands of Devices with SharkBot Malware
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located
Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware
Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malw
10 tips to avoid Black Friday and Cyber Monday scams
It pays not to let your guard down during the shopping bonanza – watch out for some of the most common scams doing the rounds this holiday shopping season The post appeared first on
34 Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. "The underground market value of stolen logs and compromised
Ducktail Malware Operation Evolves with New Malicious Capabilities
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take
Top Cyber Threats Facing E-Commerce Sites This Holiday Season
Delivering a superior customer experience is essential for any e-commerce business. For those companies, there's a lot at stake this holiday season. According to Digital Commerce 360, nearly $1.00 of every $4.00 spent on retail purchases during the 2022
EU Parliament Website Attacked After MEPs Slam Russian 'Terrorism'
The European Parliament website was hit by a cyberattack claimed by pro-Russian hackers Wednesday shortly after lawmakers approved a resolution calling Moscow a "state sponsor of terrorism".
Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse
Security researchers at Proofpoint are calling attention to the discovery of a commercial red-teaming tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors.
Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries
Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said t
Cross-Tenant AWS Vulnerability Exposed Account Resources
A cross-tenant vulnerability in Amazon Web Services (AWS) could have allowed attackers to abuse AWS AppSync to gain access to resources in an organization’s account.
Facebook Parent Meta Links Influence Campaign to US Military
Facebook parent Meta has tied a recent influence operation powered by tens of accounts, pages and groups to the United States military.
Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-U.S. Influence Operation
Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle Ea
Microsoft Warns of Boa Web Server Risks After Hackers Target It in Power Grid Attacks
Microsoft is warning organizations about the risks associated with the discontinued Boa web server after vulnerabilities affecting the software were apparently exploited by threat actors in an operation aimed at the energy sector.
CISA Updates Infrastructure Resilience Planning Framework
The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).
Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2
Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame
Aurora, a multi-purpose botnet being advertised on underground forums since April, has been adopted by multiple cybercriminals over the past few months, cybersecurity firm Sekoia.io reports.
Bahamut cybermercenary group targets Android users with fake VPN apps
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram The post appeared first on
Top 6 security risks associated with industrial IoT
Industrial IoT is gaining adoption, but this comes with some security risks. Check out the dangers and how you can avoid them. The post appeared first on .
DDoS protection from OVHcloud
Distributed denial-of-service protection from OVHcloud takes the complexity out of avoiding denial of service attacks for your business. The post appeared first on .
This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standa
Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware
A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of multiple campaigns designed to steal sensitive information from compromised hosts. "These infection chains leveraged phishing pages impersonating download pages
Here's How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities
Leaked Algolia API Keys Exposed Data of Millions of Users
Threat detection firm CloudSEK has identified thousands of applications leaking Algolia API keys, and tens of applications with hardcoded admin secrets, which could allow attackers to steal the data of millions of users.
Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns
The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein t
BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks
Researchers at industrial cybersecurity firm Nozomi Networks have discovered more than a dozen vulnerabilities in baseboard management controller (BMC) firmware.
U.S. Authorities Seize Domains Used in 'Pig butchering' Cryptocurrency Scams
The U.S. Justice Department (DoJ) on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five
Vietnam-Based Ducktail Cybercrime Operation Evolving, Expanding
The Ducktail information stealer has been updated with new capabilities and the threat actors that use it have been expanding their operation, according to WithSecure, formerly known as F-Secure Business.
Digesting CISA's Cross-Sector Cybersecurity Performance Goals
Last month, CISA released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 on improving cybersecurity for critical infrastructure control systems.
Microsoft Releases Out-of-Band Update After Security Patch Causes Kerberos Issues
Microsoft has released an out-of-band update after learning that a recent Windows security patch started causing Kerberos authentication issues.
Cisco Secure Email Gateway Filters Bypassed Due to Malware Scanner Issue
An anonymous researcher has disclosed several methods that can be used to bypass some of the filters in Cisco’s Secure Email Gateway appliance and deliver malware using specially crafted emails.
US Offshore Oil and Gas Infrastructure at Significant Risk of Cyberattacks
The offshore oil and gas infrastructure faces cybersecurity risks that the Department of Interior should immediately address, the US Government Accountability Office (GAO) notes in a new report.
Security fatigue is real: Here’s how to overcome it
Do your employees take more risks with valuable data because they’ve become desensitized to security guidance? Spot the symptoms before it’s too late. The post appeared first on
How to minimize security risks: Follow these best practices for success
To reduce security threats within your organization, you must prioritize security risk management. Here are some best practices to follow, as well as some top resources from TechRepublic Premium. The post appeared first on .
Microsoft Defender protects Mac and Linux from malicious websites
Now that attackers can phish employees on any device and try to extract credentials, endpoint protection has to cover more than just Windows. The post appeared first on .
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data
The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 an
Notorious Emotet Malware Returns With High-Volume Malspam Campaign
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise se
Been Doing It The Same Way For Years? Think Again.
As IT professionals, we all reach a certain point in our IT career where we realize that some of our everyday tasks are done the same way year after year without anyone questioning why it's done that way. Despite the constant change and improvement in t
California County Says Personal Information Compromised in Data Breach
The County of Tehama, California, has started informing employees, recipients of services, and affiliates that their personal information might have been compromised in a data breach.
9 VOIP security best practices to consider for your business
Is VOIP secure? Can VOIP be hacked? Learn about why VOIP security is important and the best practices for your business to consider with our guide. The post appeared first on .
33 Attorneys General Send Letter to FTC on Commercial Surveillance Rules
Attorneys general in 33 US states are urging the Federal Trade Commission (FTC) to take into consideration consumer risks as it looks into creating rules to crack down on commercial surveillance.
Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet
Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The U.S. District Court for the Southern District of New York imposed monetary sanctions against the d
Google Making Cobalt Strike Pentesting Tool Harder to Abuse
Google has announced the release of YARA rules and a VirusTotal Collection to help detect Cobalt Strike and disrupt its malicious use.
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability
A security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability that could be exploited to escape a sandbox and execute code within Terminal.
Security Researchers Looking at Mastodon as Its Popularity Soars
Cybersecurity researchers are increasingly looking at Mastodon now that the decentralized social media platform’s popularity has soared, and they have started finding vulnerabilities and other security issues.
Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild
Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files
Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022
The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to
source : hackernews, securityweek, techrepublicsecurity, welivesecurity