Security News

DMARC enforces the use of a combination ofSPF andDKIM email authentication technologies to ensure only real emails are delivered to the end receivers. Without DMARC, all emails sent from the email domain of your business reaches the receiver's inbox without any security check or validation.

A hacker began selling access to hundreds of stolen executive email accounts last Friday, ZDNet reported. Javvad Malik, security awareness advocate at cybersecurity company KnowBe4, called email account access the "Crown jewels" for anyone looking to damage an organization, and the accounts of C-level executives were even more integral to an enterprise.

That group is the hacker and cyber attacker fraternity, which has spotted that the sudden switch to remote working arrangements has delivered them a much wider attack surface to target, while security pros are stretched thinner than ever. By thinking like them before you start to fight back, which is what we'll be showing you how to do in our webcast How I'd Attack You, on November 18 at 0900 PT. The Register's own one-man attack surface Tim Phillips will be joined by Dan Fein and Mariana Pereira of cyber defence specialists Darktrace.

The anatomy of an endpoint attackA lot has changed across the cybersecurity threat landscape in the last decade, but one thing has remained the same: the endpoint is under siege. Cybercriminals are using legitimate Office 365 services to launch attacksVectra released its report on Microsoft Office 365, which highlights the use of Office 365 in enterprise cyberattacks.

A man who spied on unsuspecting victims through their webcams has escaped a prison sentence after buying off-the-shelf LuminosityLink malware and using CCTV software to spy on them. Crown prosecutor Russell Pyne told the court that Wood had been caught by police as part of a wider multinational investigation into LuminosityLink creator Colton Grubbs, who pleaded guilty to US criminal charges over the malware in 2018.

A man who spied on unsuspecting victims through their webcams has escaped a prison sentence after buying off-the-shelf LuminosityLink malware and using CCTV software to spy on them. Crown prosecutor Russell Pyne told the court that Wood had been caught by police as part of a wider multinational investigation into LuminosityLink creator Colton Grubbs, who pleaded guilty to US criminal charges over the malware in 2018.

The coronavirus pandemic brought a new slew of cyber threats, feeding on how "Anxiety and desperation can make it easy to let one's guard down when it comes to online threats," Forcepoint principal security analyst Carl Leonard told TechRepublic in March. Briefly, the 411 on the current cyber threat situation revolves around: Personal devices used for work can be hacked in a multitude of ways; the vast majority of hacks don't use malware; unemotional and undaunted by a lack of feeling, AI is a great tool to use, and won't be jeopardized by human error, and now is the time for companies to adopt and integrate much-needed security measures, supported by great company/employee communication, trainings, etc.

Three cybersecurity experts explained how artificial intelligence and machine learning can be used to evade cybersecurity defenses and make breaches faster and more efficient during a NCSA and Nasdaq cybersecurity summit. Tim Bandos, chief information security officer at Digital Guardian, said that cybersecurity will always need human minds to build strong defenses and stop attacks.

Incident response and detection is a critical part of your security operation - it's hard to defend against what you can't see, particularly when your attack surface now extends from on-prem and into the cloud. Do you feel like it's the criminals and hackers who have grabbed all the benefits of moving to the cloud, being able to scale up their operations at will, leverage technologies like machine learning and AI, and exploit vulnerabilities left as target organizations hybridize their own operations.

Penetration testing tool Cobalt Strike is increasingly being used by black hats in non-simulated attacks as traces show up in scenarios from ransomware infections to state-backed APT threats, says Cisco Talos. Claiming that the tool "Accounted for 66 per cent of all ransomware attacks Cisco Talos Incident Response responded to this quarter," the threat intel firm reckons that both criminal hackers and pentesting security analysts' red teams alike are making great use of Cobalt Strike, especially for its ability to deploy listeners on targeted networks.