The cost of a data breach is not easy to define, but as more organizations fall victim to attacks and exposures, the potential financial repercussions are becoming clearer. For modern businesses of all shapes and sizes, the monetary impact of suffering a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, in 2022, the average cost of a data breach...
Read More
Piracy in the media and entertainment industry has been around well before we saw it comically featured on Seinfeld in 1996. But with the introduction of streaming video, piracy is now a multi-layered problem. The latest wrinkle? Fragmentation of the video streaming industry. Fed up with subscribing to multiple streaming services and still not being able to view what they want, viewers are more willing...
Read More
The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up. Bumblebee first came to light in March 2022 when...
Read More
Two teams of researchers have revealed vulnerabilities this week in Unified Extensible Firmware Interface (UEFI) implementations and bootloaders that could allow attackers to defeat the secure boot defenses of modern PCs and deploy highly persistent rootkits. Researchers from firmware and hardware security firm Eclypsium published a report on vulnerabilities they found in three third-party bootloaders that are digitally signed by Microsoft's root of trust. They can...
Read More
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader instead of the existing one," hardware security firm...
Read More
BLACK HAT USA – Las Vegas – Keeping up with security-vulnerability patching is challenging at best, but prioritizing which bugs to focus on has become more difficult than ever before, thanks to context-lacking CVSS scores, muddy vendor advisories, and incomplete fixes that leave admins with a false sense of security. That's the argument that Brian Gorenc and Dustin Childs, both with Trend Micro's Zero Day Initiative...
Read More
When he took on a role as executive manager of cybersecurity for the Salvation Army Australia in 2019, Lachlan McGill knew he was in for a challenge, but it was only as he began educating himself about the organisation’s reach, and its woeful cybersecurity status, that he realised just how big a challenge it would be. Security protections had evolved in a piecemeal way over time...
Read More
Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting individuals in New Zealand, India, Pakistan and...
Read More
Thousands of mobile apps are leaking Twitter API keys — some of which give adversaries a way to access or take over the Twitter accounts of users of these applications and assemble a bot army for spreading disinformation, spam, and malware via the social media platform. Researchers from India-based CloudSEK said they had identified a total of 3,207 mobile applications leaking valid Twitter Consumer Key and...
Read More
Threat actors exhibited "ceaseless creativity" last year when attacking the Achilles heel of every organization—its human capital—according to Proofpoint's annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company's deployments to identify the latest attack trends by malicious players. "Last year, attackers demonstrated just how unscrupulous they really are, making protecting people from cyber threats...
Read More