Security News

Beijing probes security at academic journal database
2022-06-27 05:30

China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure, citing national security concerns. CNKI is a privately-owned publishing company that maintains a monopoly on academic journal searches in China.

OT security: Helping under-resourced critical infrastructure organizations
2022-06-27 05:00

In this Help Net Security interview, Dawn Cappelly, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles that prevent them improving their cybersecurity posture, and explains how the recently set up OT-CERT she's heading can help asset owners and operators of industrial infrastructure. Although frameworks and best practices are emerging in OT security, organizations usually need to rely on OT security experts to assist in these assessments and remediation recommendations.

How phishing attacks are becoming more sophisticated
2022-06-27 04:30

The latest APWG's Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks-the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million.

Clearview fine: The unacceptable face of modern surveillance
2022-06-27 04:00

The UK's Information Commissioner's Office has issued its third largest ever fine of £7.5m. It was imposed on Clearview AI, the controversial facial recognition company that has already been on the wrong end of similar decisions from regulators in Italy, France and Australia. It's not just your face: Surveillance technology is expanding at such a pace that it's now possible to analyze the way you walk, your heartbeat, breathing pattern, and, controversially, emotions.

What Are Shadow IDs, and How Are They Crucial in 2022?
2022-06-27 03:38

Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool that they preferred over any other sanctioned products. Gartner has identified External Attack Surface Management, Digital Supply Chain Risk, and Identity Threat Detection as the top three trends to focus on in 2022, all of which are closely intertwined with Shadow IT. "Shadow IDs," or in other words, unmanaged employee identities and accounts in third-party services are often created using a simple email-and-password-based registration.

Critical Security Flaws Identified in CODESYS ICS Automation Software
2022-06-27 03:35

CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service condition, among others. CODESYS is a software suite used by automation specialists as a development environment for programmable logic controller applications.

Cybercriminals use Azure Front Door in phishing attacks
2022-06-27 03:30

Resecurity, Inc. has identified a spike in phishing content delivered via Azure Front Door, a cloud CDN service provided by Microsoft. According to experts, such tactics confirm how the bad actors are continuously looking to enhance their tactics and procedures to avoid phishing detection using world-known cloud services.

Italy Data Protection Authority Warns Websites Against Use of Google Analytics
2022-06-27 03:21

Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The agency said the transfer of personal information violates the data protection legislation because the U.S. is a "Country without an adequate level of protection," while highlighting the "Possibility for U.S. government authorities and intelligence agencies to access personal data transferred without due guarantees."

48% of security practitioners seeing 3x increase in alerts per day
2022-06-27 03:00

Panther Labs surveyed 400 active security practitioners, primarily, security analysts and security engineers, to reflect the "Boots on the ground" perspective for security teams. Over the last 12 months, 48% have seen a 3x increase in the number of alerts per day.

Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons
2022-06-27 03:00

A malware-as-a-service dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. "If we look historically, BelialDemon has been involved in the development of malware loaders," Unit 42 researchers Jeff White and Kyle Wilhoit noted in a June 2021 report.