Security News

Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could. Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched.

The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly. Chairwoman Jessica Rosenworcel drafted a document outlining the new proposal to strengthen the FCC's powers for disclosing data breaches and leaks to customers and federal agencies of "Customer proprietary network information." The updated rules, published this week, would keep the FCC in line with other federal and state data breach laws, she said.

Microsoft's first Patch Tuesday of 2022 has, for some folk, broken Hyper-V and sent domain controllers into boot loops. As well as the broken Hyper-V, popular tech blog Born City noted problems with boot loops on domain controllers, with other versions of Windows Server affected.

A Russian national working for a cybersecurity company has been extradited to the U.S. where he is being charged for hacking into computer networks of two U.S.-based filing agents used by multiple companies to file quarterly and annual earnings through the Securities and Exchange Commissions system. The defendants used compromised employee credentials to access the networks of the targeted filing agent and view or download data related to earnings of multiple companies, including SEC filings and press releases.

Given that the speed with which organizations typically manage vulnerabilities is typically measured in days or months, "That fact that attackers could find and compromise our honeypots in minutes was shocking," Unit 42 principal cloud security researcher Jay Chen wrote in the post. The study clearly shows how quickly these common misconfigurations can lead to data breaches or attackers' taking down an entire network-given that "Most of these internet-facing services are connected to some other cloud workloads," Chen wrote.

US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.

US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.

Does your pentesting program bring enough value? Find out in this exclusive in-depth report comparing Pentest as a Service vs. traditional consulting engagements and check out our ROI calculator to learn how PtaaS can double your pentesting impact. Pentests, whether done with traditional consulting firms or up-and-coming PtaaS providers, have become a critical component across all security programs.

The idea is simple: instead of building a single-purpose malware program for each attack, and unleashing it on its own, why not spearhead the attack with a general purpose malware agent that calls home to report its arrival, and awaits further instructions? Emotet first, to form a beachhead inside your network; Followed by Trickbot or some other network-snooping malware to learn, plunder, hack, tweak, reconfigure and manipulate your computer estate until the crooks behind the stealing and surveillance had learned as much as they felt they needed to know; Followed by a final, apocalyptic, flaming-skulls-on-your-wallpaper-type blast of ransomware and an associated, possibly breathtakingly expensive, blackmail demand.

A third of employees admit lying to hide the fact that they accidentally deleted data, most doing so out of embarrassment or fear of punishment. A study of knowledge workers in 10 countries found that workplace cultures of blame and fear are causing businesses to lose critical, sensitive data that could have otherwise been saved if employees were comfortable enough to come forward.