Security News > 2022 > November

The defendants purchased on the dark web server credentials for the computer servers of Certified Public Accounting and tax preparation firms across the country. They used those server credentials to remotely and covertly commit computer intrusions and exfiltrate the tax returns of thousands of taxpayers who were clients of those CPA and tax preparation firms.

A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application. Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike.

Mondelez International has settled its lawsuit against Zurich American Insurance Company, which it brought because the insurer refused to cover the snack giant's $100-million-plus cleanup bill following the 2017 NotPetya outbreak. It has helped fuel an ongoing debate over what constitutes an act of war - which even in cyberspace could invalidate an insurance claim - and whether insurance companies should pay damages caused by network intrusions supported or organized by nation states.

File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub."These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team," the company revealed in an advisory.

In this interview for Help Net Security, Mike Lefebvre, Director of Cybersecurity at SEI, talks about the hierarchy of cybersecurity needs and what should be done to meet them properly. A hierarchy of cybersecurity needs is inspired by a similar concept of the hierarchy of human needs, coined by the psychologist Abraham Maslow.

CISOs are working overtime and can't always switch off from work, according to a recent Tessian report. That's double the amount of overtime that they worked in 2021.

Retiring: All cloud migration initiatives should begin with an IT portfolio audit to assess migration complexity, cost requirements, and security risks. Retaining: As an alternative to the retiring strategy, retaining involves keeping some applications on-premises or in a colocation as part of a hybrid cloud strategy.

32% of CISOs or IT Security DMs in the UK and US are considering leaving their current organization, according to a research from BlackFog. This research, which explored the frustrations and challenges faced by cybersecurity professionals also highlights the impact that cyber incidents have on turnover and job security.

With high chances of user error, limited security resources, and constantly evolving computing environments, commercial and public organizations need cybersecurity resources to help protect their data and workloads in the cloud. Download this white paper to learn what CIS resources can help secure your cloud environments.

Hardening the password security layer requires a multistep approach. This IDC Analyst Brief reveals how passwords aren't going away and what can be done to improve their creation.