Stealthy firmware bootkit leveraged by APT in targeted attacks
Kaspersky researchers have uncovered the third known case of a firmware bootkit in the wild. Dubbed MoonBounce, this malicious implant is hidden within Unified Extensible Firmware Interface (UEFI) firmware, an essential part of computers, in the SPI.....»»

Choking local funding prevents terrorism
Terrorist attacks are highly responsive to local funding availability, and financial counter-terrorism can, thus, be effective in reducing terrorism casualties, according to new research by Nicola Limodio (Department of Finance, Bocconi University) f.....»»
New infosec products of the week: May 27, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Corelight, Fortinet, Hunters, Kingston Digital, Netenrich, PIXM, and SafeGuard Cyber. PIXM Mobile provides real-time protection from phishing attacks on mobi.....»»
CyberPeace Institute and Partisia Blockchain protect humanitarian organizations against cyber threats
A strategic collaboration in cybersecurity to defend humanitarian organizations against targeted cyberattacks is announced between the CyberPeace Institute and Partisia Blockchain Foundation. This collaboration responds to the rise in cyber attacks t.....»»
Twitter pays $150M fine for using two-factor login details to target ads
Twitter targeted ads with phone numbers and emails collected for security purposes. Twitter has agreed to pay a $150 million penalty for targeting ads at users with phone numbers.....»»
Senate Report Finds Government is Unprepared To Stop Ransomware Attacks
In the past few years, ransomware attacks have crippled schools, hospitals, city governments, and pipelines. Yet, despite the heavy toll such incidents have on both the public and private sectors, government officials have only a limited understandin.....»»
Sigstore: Signature verification for protection against supply chain attacks
Software supply chain attacks have been increasing over the past few years, spurring the Biden administration to release an executive order detailing what government agencies are supposed to do to protect themselves against them. These attacks consis.....»»
BlackBerry partners with NXP Semiconductors to help companies prepare for post-quantum cyber attacks
BlackBerry announced it will provide support for quantum-resistant secure boot signatures for NXP Semiconductors’ crypto-agile S32G vehicle networking processors in a demonstration to illustrate how to mitigate the risk of potential quantum com.....»»
Verizon 2022 DBIR: External attacks and ransomware reign
There has been an alarming rise (13%) in ransomware breaches – a jump greater than the past 5 years combined, Verizon Business has revealed in its 2022 Data Breach Investigations Report (2022 DBIR). Verizon Business 2022 DBIR: Key findings Veri.....»»
PIXM Mobile provides real-time protection from phishing attacks on mobile devices
PIXM announced the expansion of its anti-phishing products with the launch of PIXM Mobile, which protects individuals and enterprises from targeted and unknown phishing attacks on mobile devices. PIXM Mobile is a cloud-based mobile solution developed.....»»
SafeGuard Cyber adds email protection for Microsoft 365 to defend customers against sophisticated attacks
SafeGuard Cyber announces the addition of email protection for Microsoft 365 to its comprehensive security suite of protected communication channels. SafeGuard Cyber’s security for email and multi-channel communications is now available to all cust.....»»
Account pre-hijacking attacks possible on many online services
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on preemptive account hijacking by way of single sign-on (SSO) technology, re.....»»
Since organizations apply more compliance programs, proper planning is essential
A-LIGN released its 2022 Compliance Benchmark Report, highlighting the concern over increased threat of ransomware attacks and the need for organizations to adopt a more streamlined approach to their compliance requirements......»»
Paying ransom doesn’t guarantee data recovery
A Veeam report has found that 72% of organizations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom. Additionally, 76% of organizations admitted to paying the r.....»»
Paying the ransom is not a good recovery strategy
Businesses are losing the battle when it comes to defending against ransomware attacks, according to a Veeam report, which found that 72% of organizations had partial or complete attacks on their backup repositories, dramatically impacting the abilit.....»»
Facebook-parent Meta to share more details with researchers about political ad targeting
Facebook-parent Meta on Monday said it would soon offer more transparency and information to researchers about how political and social ads are targeted to users on the platform, months before the US midterm elections......»»
By streamlining compliance, companies can focus more on security
A-LIGN released its 2022 Compliance Benchmark Report, highlighting the concern over increased threat of ransomware attacks and the need for organizations to adopt a more streamlined approach to their compliance requirements. The survey was conducted.....»»
Multiple habitats need protecting to save UK bumblebees, finds 10-year citizen science study
A study using 10 years of citizen science data from the Bumblebee Conservation Trust's BeeWalk scheme has found that a variety of targeted conservation approaches are needed to protect UK bumblebee species. The findings are published in the British Ecol.....»»
Microsoft Warns of "Stealthy DDoS Malware" Targeting Linux Devices
"In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos," writes the Microsoft 365 Defender Research Team. It's a trojan combining denial-of-service functionality with XOR-based encryption for communication.....»»
This Netgear Orbi firmware update actually locked out users
A Netgear Orbi firmware update prevented users from accessing the admin console......»»
What the new Jurassic Park movie gets wrong: Aerodynamic analysis causes a rethink of the biggest pterosaur
One of the most exciting moments of the new Jurassic Park sequel, "Jurassic World Dominion," is when the Quetzalcoatlus swoops down from the sky and attacks the heroes' aircraft. With its gigantic wings reaching 10 meters in length end to end, the Qu.....»»