Security News

The internet has become the catalyst to an ever-growing global economy. At its foundation, it was designed for connectivity, but not security.

A new FLASH report from the FBI warns about cyber actors scraping credit card data from compromised online checkout pages from US businesses. According to the FBI, a US business was targeted in September 2020 by an unidentified threat actor, who inserted malicious PHP code into the checkout page of the targeted company website.

If you head to CyberThreat 22 this Autumn you can draw on the expertise of some of the world's most experienced practitioners. This year's event takes place from September 12 to 13, at the Park Plaza in Westminster, London, and is backed by two of the most influential organizations in cybersecurity - SANS Institute and the UK government's National Cyber Security Centre, which is part of GCHQ. The organisers unabashedly describe Cyberthreat as the most technical cybersecurity event in the UK, but recognise that Cyber Defence is a team sport, that everyone is on a different journey and that every discovery, analytic achievement and breakthrough is backed by a personal story.

The new malware service, dubbed the Eternity Project by the threat actors behind it, allows cybercriminals to target potential victims with a customized threat offering based on individual modules they can buy for prices ranging from $90 to $490, researchers from security firm Cyble wrote in a blog post published Thursday. The modules include a stealer, clipper, worm, miner and ransomware, depending on what type of attack a threat actors wants to mount, according to the post.

Nearly every week in 2021 and early 2022, a prominent organization has been in the media spotlight as their public relations team struggles to explain how they were attacked and how they can regain consumer confidence. Many teams center their plans around prevention of the initial attack, not response, after an adversary successfully gains a foothold.

Many security executives say they're unprepared for the threats that lie ahead. As cyberattacks grow in both number and sophistication, organizations are increasingly under the gun to protect themselves from compromise. A report released Tuesday by research firm ThoughtLab looks at how businesses and government agencies can better defend themselves against the security threats that lie ahead. SEE: Mobile device security policy.

Hardware attacks are becoming more and more sophisticated. Security increasingly supported in hardware - Mistakes can introduce severe vulnerabilities.

A recent Imperva report found only 18 percent prioritized spend on a dedicated insider threat program compared to 25 percent focused on external threat intelligence. In addition to getting people onboard and policies in place, the business will need to inventory its data and locate data sources, determine how it will monitor behaviors, adapt the training program, and carry out investigations as well as how the ITP itself will be assessed on a regular basis.

Microsoft is rolling out its "Security Experts" managed service with an eye on stomping down threats and malware. Microsoft is planning to roll out three such managed services in 2022, one of which became available today.

A new report from Mandiant reveals details about an ongoing cyberespionage operation run by a threat actor dubbed UNC3524, monitored by Mandiant since December 2019. While such targeting may suggest financial motivations, Mandiant believes it's instead motivated by espionage, because the threat actor maintains its access and remains undetected for an order of magnitude longer than the average dwell time of 21 days.