
FAANGs failing on keeping user data safe from bug hunters
2022-08-12 00:58

Dylan Ayrey, a bug hunter and CEO of Truffle Security, discovered a big data company credential dump containing personal information belonging to about 50,000 of its users, and still hasn't fixed it. There's a ton of personal data stored on researchers' laptops and bug bounty platforms, some of which don't require multi-factor authentication to access, Ayrey said.

2022 Threat Report
2022-08-12 00:00

It covers elements of critical infrastructure exploitation, adversarial artificial intelligence, initial access brokers, critical event management, extended detection and response, and other issues shaping our current security environment. This report covers topics confronting individuals and organizations around the world.

Ransomware Prevention and Remediation
2022-08-12 00:00

While phishing remains the most common attack vector, threat actors have introduced tactics, techniques, and procedures that don't require a victim to click on a malicious link or open a weaponized document to become infected. Instead, they are utilizing exploits, such as EternalBlue, and uncommon programming languages and obscure data formats to deposit ransomware directly onto victims' systems, thereby acquiring the persistent access they need to exchange encryption keys and process payments.

Cracking the Hackers: How to Build a 100% Engaged Human Firewall
2022-08-12 00:00

Critical steps for a successful cyber security awareness campaign. Staff working remotely are at greater risk of compromising organizational security. Home connections are less secure. Employees...

Higher risks and premiums are creating critical gap in cyber insurance
2022-08-11 23:03

Only 55 percent of companies have any insurance at all. "The situation is particularly acute for uninsured small and mid-sized businesses, who must weigh the soaring costs of cyber insurance premiums against the very real risk of being unable to recover from a successful attack."

Security needs to learn from the aviation biz to avoid crashing
2022-08-11 22:30

The security industry needs to take a leaf from the manual of an industry where smart incident response is literally life and death, if it is to fix systemic problems. In a presentation at the Black Hat security conference in Las Vegas, Tarah Wheeler, an advisor to the US Council of Foreign Relations and founder of security startup Red Queen Dynamics, and Harvard Kennedy School researcher Victoria Ontiveros unveiled a project that takes the exhaustive incident investigation processes used in the aviation industry and applies them to information security.

Microsoft shares workarounds for Outlook crashing after launch
2022-08-11 22:13

Microsoft is investigating customer reports of a known issue causing Outlook for Microsoft 365 to freeze and crash right after opening. According to a new support document published by Redmond on Thursday, these Outlook desktop client crashes will be automatically logged and can be confirmed by checking the Windows Event Viewer Application Log for Event 1000 or Event 1001.

US govt will pay you $10 million for info on Conti ransomware members
2022-08-11 21:46

The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time. Today, for the first time, the State Department revealed the face of a known Conti ransomware operator known as 'Target,' offering rewards of up to $10 million for information on him and four other members known as 'Tramp,' 'Dandis,' 'Professor,' and 'Reshaev.'

Russian invasion has dangerously destabilized cyber security norms
2022-08-11 21:30

The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms - and infrastructure security, according to journalist and author Kim Zetter. Zetter, for her part, focused on Ukrainian hacktivists and sympathizers, possibly because Russia usually displays very little regard for international norms, cyber or otherwise.

How credential phishing attacks threaten a host of industries and organizations
2022-08-11 20:57

A report released Thursday by email security provider Abnormal Security looks at the latest wave of credential phishing attacks and offers advice on how to stop them.