Security News > 2023 > January

Many organizations, big and small, have once a year pen testing cycle. If your organization is in a high-risk industry, you should consider conducting pen testing more frequently to ensure that your systems are secure and meet regulatory compliance.

We recently learned that Alec Baldwin is being charged with involuntary manslaughter for his accidental shooting on a movie set. I don't know the details of the case, nor the intricacies of the law, but I have a question about movie props.

IoT hardware is at the heart of much modern operational technology, the systems that support businesses, the systems that mix modern IoT hardware with legacy control and data collection devices. So how can we protect our devices, networks and businesses, especially when we already have a large estate of deployed hardware? Microsoft's Defender for IoT is one option, adding network sensors and firmware analysis tools to help spot compromised and at-risk hardware and working in conjunction with Microsoft Sentinel to use machine learning to identify threats early.

Tricking users at targeted organizations into installing legitimate remote monitoring and management software has become a familiar pattern employed by financially motivated attackers. After discovering the maliciously installed software on a system at one of the FCEB agencies, CISA went searching for and found more thusly compromised systems at other agencies.

A man suspected of stealing personal data belonging to tens of millions of people worldwide and selling that info on cybercrime forums has been arrested by Dutch police. The alleged crook pulled together information including names, genders, addresses, and birth dates belonging to pretty much everyone in Austria, it is claimed.

Cybersecurity researchers have unearthed a new Python-based attack campaign that leverages a Python-based remote access trojan to gain control over compromised systems since at least August 2022. LNK files retrieves two text files from a remote server that are subsequently renamed to.

Security will always be front of mind for businesses, and open source and its collaborative nature have the power to drive new ways of protecting against evolving security threats. For companies choosing open source, this becomes collaborative, with multiple organizations and individuals having a stake in ensuring that security is kept tight and up to date.

Currently, the value of generative AI, like ChatGPT and DALL-E, is lopsided in favor of threat actors. Threat actors using generative AI in their attack arsenal is an eventuality, and now we need to focus on how we will defend against this new threat.

At least two federal agencies in the U.S. fell victim to a "Widespread cyber campaign" that involved the use of legitimate remote monitoring and management software to perpetuate a phishing scam. "Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software - ScreenConnect and AnyDesk - which the actors used in a refund scam to steal money from victim bank accounts," U.S. cybersecurity authorities said.

Data compromises steadily increased in the second half of 2022. Data breach notices suddenly lacked details, resulting in increased risk for individuals and businesses, as well as uncertainty about the number of data breaches and victims.