Security News > 2020 > September

Microsoft has developed a deepfakes detection tool to help news publishers and political campaigns, as well as technology to help content creators "Mark" their images and videos in a way that will show if the content has been manipulated post-creation. The technology has been perfected since then and will surely continue to evolve and go on to produce ever more difficult-to-spot deepfakes.

Some intelligence services focus their efforts on identifying threat actor groups and attack methods, informing their customers whether they are targeted or not. Some terms are beginning to emerge to better define intelligence offerings, with the most prominent one being Digital Risk Protection, or DPO. While it is used by many vendors to describe services designed to identify external threats, it does often time seem to include the traditional "Threat intelligence" as part of the vendor's offering, such as malware IOCs, blurring the lines between the two terms.

Researchers discovered the new malware being distributed over the past six months through two separate campaigns. "Based on the use of publicly known sender addresses associated with Tibetan dissident targeting and the delivery of Sepulcher malware payloads, [we] have attributed both campaigns to the APT actor TA413," said Proofpoint researchers in a Wednesday analysis.

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.

The global shift to a remote workforce has redefined the way organizations structure their business models. To win the war on ransomware, organizations should incorporate a plan for IT organizations that ensures they have the resilience needed to overcome any attack.

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It’s a perennial problem: trusted insiders have to be trusted.

Application developers are not security specialists, and likely do not have the knowledge and skills to find and fix security issues in a timely manner. The AWS cloud platform is ripe for security automation.

In this article, we'll take a look at security vulnerabilities in the context of CMS platforms and the implications of SQL injection attacks on your website. Web app attacks, which are commonly executed via SQL injection, are down from last year but have been trending dangerously upward since February, with 2.1 million attacks rising steadily to 4.9 million attacks in June.

33% of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet, according to RiskRecon. The data was analyzed in two strategic ways: the direct proportion of internet-facing hosts running unsafe services, as well as the percentage of companies that expose unsafe services somewhere across their infrastructure.

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.