Security News

Software supply chain risk has grown to be a significant concern for organizations as cyber attackers look to take advantage of the accelerating digitalization that has seen many enterprises significantly increase their reliance on cloud-based solutions and services, as well as third-party service providers. In this Help Net Security video, Marc Woolward, Global CTO & CISO at vArmour, talks about notable supply chain attacks and predicts how they will evolve in 2023.

Harrington and Meiggs were charged in November 2019 for targeting at least ten victims in SIM swapping attacks and, in some cases, with death threats. According to the court documents, they allegedly stole $200,000 worth of cryptocurrency in one go from an Arizona resident who "Publicly communicated with cryptocurrency experts online," while $100,000 were swiped from a victim in California with close ties to someone who "Operated a blockchain-based business."

While knowing full well that human lives may be at stake, criminal gangs have been increasingly targeting the healthcare sector with high-impact attacks like ransomware. Healthcare providers should set up numerous layers of defense for a variety of email-borne threats.

Meta was officially designated as a terrorist organization for the first time in Russia in March 2022, when a Moscow court claimed the world's most popular social media platform hosted what they ruled as misinformation. Adopting the "Terrorist" classification for Meta by the Federal State marks a new development, leaving millions of Russian users of Facebook, Instagram, and WhatsApp unsure about what this means.

Teaching people to think like hackers is better than teaching them to fear the bogeyman, in many dimensions. It's much better to teach people how to write phishing emails.

2022 State of the Threat: Ransomware is still hitting companies hard. The ransomware landscape has not changed in terms of volume, yet the researchers from SecureWorks report that incident response engagements in May and June 2022 saw the rate of successful ransomware attacks reduce.

The Federal Bureau of Investigation warned today of foreign influence operations that might spread disinformation to affect the results of this year's midterm elections. The federal law enforcement agency warned that foreign actors are actively spreading election infrastructure disinformation to manipulate public opinion, discredit the electoral process, sow discord, and encourage a lack of trust in democratic processes and institutions.

The FBI and Cybersecurity and Infrastructure Security Agency claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity or manipulate votes at scale. Despite popular narratives in some political circles that the 2020 election was insecure and fraudulent, there hasn't been any evidence to suggest that, the FBI and CISA said in the PSA. The agencies also took the time to explain how US election systems are secured using "a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity" that could affect "Election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting."

OpenText announced the Nastiest Malware of 2022, a ranking of the year's biggest cyber threats. For the fifth year running, experts combed through the data, analysed different behaviours, and determined which malicious payloads are the nastiest.

Software supply chains at risk: The account takeover threat. A software supply chain attack consists of targeting software repositories or download locations, in order to spread malware instead of or in addition to legitimate software.