The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of […]
Cyber News
It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread. Tags: cybersecurity, encryption, Facebook, Meta Sidebar photo of Bruce Schneier by Joe MacInnis.
Cyber News
In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the organization’s cybersecurity infrastructure, blending strategic guidance […]
Cyber News
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. “Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and financial information […]
Cyber News
In the ever-evolving cybersecurity landscape, one method stands out for its chilling effectiveness – social engineering. But why does it work so well? The answer lies in the intricate dance between the attacker’s mind and human psychology. Our upcoming webinar, “Think Like a Hacker, Defend Like a Pro,” highlights this alarming trend. We delve deep […]
Cyber News
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are “capable of working across all processes without any limitations, making them more flexible than existing process injection techniques.” […]
Cyber NewsWhy You Shouldn’t Ignore Social Engineering Testing When it comes to cybersecurity, most of us immediately think of firewalls, antivirus software, and secure passwords. These are all critical components of a robust cybersecurity strategy. However, the human element is often overlooked, and it’s precisely here that vulnerabilities can arise. Enter the realm of social engineering […]
Social Engineering TestingWhy You Shouldn’t Ignore HIPAA Compliance If you’re in the healthcare industry, you’ve likely come across the term “HIPAA” more than once. It’s a crucial piece of legislation that governs patient data privacy in the United States. While some might be tempted to brush it off as just another bureaucratic hurdle, the implications of ignoring […]
HIPAA ComplianceSimplify Your PCI DSS Compliance: A Practical Guide The world of digital transactions is constantly evolving, making it more convenient than ever for businesses and consumers alike. However, this convenience comes with a significant responsibility – safeguarding sensitive financial information. This is where PCI DSS (Payment Card Industry Data Security Standard) compliance enters the scene. […]
PCI DSS Compliance