Security News > 2023 > March

The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. The suspects are alleged to have created more than 100 phishing portals aimed at users in France, Spain, Poland, Czechia, Portugal, and other nations in the region.

Organizations rely on Incident response to ensure they are immediately aware of security incidents, allowing for quick action to minimize damage. In the upcoming webinar, we'll outline, in detail, six components of a SANS incident response plan, including elements such as preparation, identification, containment, and eradication.

Given the importance of the Treasury department's function to Britain, Reg readers might expect the Head of Cyber Security vacancy currently being advertised would come with a salary that reflects its criticality. "We're looking for a Head of Cyber Security to join the team and provide advice to seniors on cyber risks across our services and systems," the posting reads.

Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. In the interim, it's urging its customers of self-hosted and on-premise versions of the software to update to version 18.12.422.

In a classic email snafu NHS Highland sent messages to 37 patients infected with HIV and inadvertently used carbon copy instead of Blind Carbon Copy meaning the recipients could see each other's email addresses. This is according to Britain's data watchdog, the Information Commissioner's Office, which has "Reprimanded" the Health Board, which serves a regional population of some 320,000 people and has an annual operating budget of £780 million.

A cyber spy gang supporting Russia is targeting US elected officials and their staffers, in addition to European lawmakers, using unpatched Zimbra Collaboration software in two campaigns spotted by Proofpoint. At the time, the criminals were targeting government agencies in Azerbaijan, Cyprus, India, Italy, Lithuania, Ukraine, and the Vatican.

In this Help Net Security interview, Michal Cizek, CEO at GoodAccess, discusses the crucial balance between leveraging distributed resources and maintaining top-notch security measures. Implementing zero-trust security often means redesigning the access policy from the start.

The data-driven model identifies 9% of organizations as those with the most mature and holistic identity security strategies. These transformative organizations have a well-rounded focus on implementing identity security tools, are inherently agile and display a "Fail fast, learn faster" characteristic even in times of a successful cybersecurity attack.

Data backups get a lot of attention, but sadly, sometimes, the operational work that keeps networks secure - like device backups, upgrades, and configuration grooming - goes undone. Recent high-profile network outages have brought attention to the importance of not just automating improvements in network security and operations but recovering quickly and minimizing downtime when disaster strikes.

The research showed that the majority of IT teams leverage more than one IT infrastructure, a trend that's expected to intensify in the future, but struggle with visibility of data across environments with only 40% reporting complete visibility into where their data resides. "Organizations are grappling with current application and data management across the edge, different clouds and in the core. There's a need in the market for a cloud operating model to help build, operate, use, and govern a hybrid multicloud to support all types of applications - starting today and planning for tomorrow," Caswell continued.