Geek-Guy.com

Author: Guru Writer

Optus telco data breach – what we know so far

Optus, an Australian telecoms provider, has become the latest high-profile victim of a data breach – with the alleged attacker demanding payment to buy back millions of customer records, having already made 10,000 public online.  In the most recent developments, the attacker has now rescinded threats and deleted them from a data breach website. However, […]

The post Optus telco data breach – what we know so far appeared first on IT Security Guru.

Feedzai tops Vendor Assessment in IDC’s MarketScape for Responsible Artificial Intelligence in financial crime management

Feedzai, the RiskOps platform for financial risk management, announced that it has been named as a leader in the IDC MarketScape: Worldwide Responsible AI for Integrated Financial Crime Management Platforms 2022 Vendor Assessment. The IDC MarketScape evaluated the vendors on fairness, explainability, robustness, lineage and transparency – the five foundational elements of responsible Artificial Intelligence (AI), or […]

The post Feedzai tops Vendor Assessment in IDC’s MarketScape for Responsible Artificial Intelligence in financial crime management appeared first on IT Security Guru.

Collaboration in Cyber Security is the Key to Combatting the Growing Cyber Threat. Here’s Why

Cyber security has never been so important and in a post-pandemic world it is more important than ever. According to a recent report by Kaspersky, the number of the number of Trojan-PSW (Password Stealing Ware) detections increased by almost a quarter globally – 4,003,323 in 2022 compared to 3,029,903 in 2021. In addition, internet attacks […]

The post Collaboration in Cyber Security is the Key to Combatting the Growing Cyber Threat. Here’s Why appeared first on IT Security Guru.

The CVE Program Recognizes Dragos as a Numbering Authority for Common Vulnerabilities and Exposures

Dragos Inc., the global leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments, today announced it has been designated by the CVE Program as a CVE Numbering Authority (CNA). As a CNA, Dragos is authorized to assign CVE IDs to newly discovered vulnerabilities and publicly disclose information about these vulnerabilities through CVE Records. […]

The post The CVE Program Recognizes Dragos as a Numbering Authority for Common Vulnerabilities and Exposures appeared first on IT Security Guru.

Net Consulting’s UK sovereign SOC achieves Palo Alto Networks XMDR certification

Net Consulting Ltd., a specialised digital consultancy and managed-services provider for the public and private sectors, has announced it has become a Palo Alto Networks Cortex® XMDR Specialization partner, joining a select group of channel partners who have earned the distinction. Net Consulting has proven its operational capabilities and fulfilment of business requirements as well as completed […]

The post Net Consulting’s UK sovereign SOC achieves Palo Alto Networks XMDR certification appeared first on IT Security Guru.

Experts Weigh in on Rockstar GTA Leak

Rockstar Games, the publishers behind the popular Grand Theft Auto (GTA) franchise, announced earlier this week that data from the latest instalment of the GTA series has been leaked online. The leak is being described as one of gaming’s biggest security breaches. The publishers were unable to clarify how the “network intrusion” happened, but confirmed […]

The post Experts Weigh in on Rockstar GTA Leak appeared first on IT Security Guru.

CrowdStrike ups the ante with investment in API security leader, Salt Security

CrowdStrike (Nasdaq: CRWD), the cloud-delivered protection of endpoints, cloud workloads, identity and data organisation, has announced that its strategic investment arm, Falcon Fund, has invested in Salt Security, the leader in Application Programming Interface (API) security. In addition to the investment, Salt Security and CrowdStrike are partnering to bring together leading technology to apply API discovery […]

The post CrowdStrike ups the ante with investment in API security leader, Salt Security appeared first on IT Security Guru.

American Airlines Announce Data Breach Exposing Customer and Staff Information

Earlier today, American Airlines became the latest big-name brand to announce a data breach, after an unauthorized actor compromised employee inboxes. A statement released from the aerospace giant confirmed that the source of the incident was a phishing attack which “led to the unauthorized access to a limited number of team-member mailboxes.” The airline explained that […]

The post American Airlines Announce Data Breach Exposing Customer and Staff Information appeared first on IT Security Guru.

Crypto Scams Skyrocket as Domains Surge 335%

It has been predicted that cryptocurrency scams are set to explode after researchers reported a triple-digit increase in registered domains in the first half of 2022, compared to the whole of last year. Cyber security service provider, Group-IB said that they had detected over 2000 domains registered to be used as fake promotion websites in the […]

The post Crypto Scams Skyrocket as Domains Surge 335% appeared first on IT Security Guru.

iOS 16 Launches With Advanced Cyber Protection

Earlier this week, Apple officially launched its new iOS 16 operating system update for iPhone devices. The update contains several security-focused and privacy features. iOS 16 was first unveiled in June at the WWDC 2022 conference. The update supports iPhone devices starting from iPhone 8, as well as second and third generation iPhone SE devices. […]

The post iOS 16 Launches With Advanced Cyber Protection appeared first on IT Security Guru.

Energy Providers Targeted by Lazarus Group

Larazrus Group, the North Korean threat actor group, targeted a malicious campaign towards energy providers around the world between February and July 2022. In April and May, the campaign was partially disclosed by Symantec and AhnLab, respectively. Cisco Talos is providing more details now. In an advisory written on Thursday, Cisco Talos said that the […]

The post Energy Providers Targeted by Lazarus Group appeared first on IT Security Guru.

API Security for the Modern Enterprise

In today’s cloud-based enterprise, APIs are a critical part of every business. They’re used extensively to foster more rapid application development, and without proper security measures, sensitive data can easily get into the wrong hands.   As modern organizations become more dependent on APIs to achieve their goals, their API security strategy must be up-to-date […]

The post API Security for the Modern Enterprise appeared first on IT Security Guru.

Cato Networks names as 2021 Innovation Award Winner

Italian manufacturer, the Gnutti Carlo Group, has named Cato Networks its Best Supplier in the Innovation category for 2021. The award recognises the high value of the WAN connectivity and security the Cato SASE Cloud delivers in support of Gnutti Carlo Group’s digital transformation initiative. Using just Cato SASE Cloud, the Gnutti Carlo Group has […]

The post Cato Networks names as 2021 Innovation Award Winner appeared first on IT Security Guru.

Samsung Hit By Data Breach

In Late July, an undisclosed number of Samsung customers in the US had their personal information accessed by an unauthorised user. Samsung, the Korean electronics giant, said that it discovered the breach on 4th August 2022. It has since secured the affected systems, engaged a third-party security firm and contacted law enforcement. A statement issued […]

The post Samsung Hit By Data Breach appeared first on IT Security Guru.

IT and Employees Don’t Always See Eye to Eye on Cybersecurity

Although organisations appear to be highly concerned with cybersecurity, they often don’t follow the practices put into place to prevent a data leak. One of the reasons is that IT leaders and employees have completely different views on security measures, and another being the lack of emphasis on security risks, such as outbound threats, where […]

The post IT and Employees Don’t Always See Eye to Eye on Cybersecurity appeared first on IT Security Guru.

Security Serious Unsung Heroes Awards 2022 Seeking Nominations for Extraordinary People in Cybersecurity

Nominations are now open for the seventh annual Security Serious Unsung Heroes Awards. Whether educating the public, fighting cybercrime on the frontlines or mentoring a newcomer, these awards supported by the IT Security Guru are an opportunity to acknowledge the people who make the industry great, and keep us safe online. Among other long-standing categories, […]

The post Security Serious Unsung Heroes Awards 2022 Seeking Nominations for Extraordinary People in Cybersecurity appeared first on IT Security Guru.

1859 Apps Contain Hard-Coded AWS Credentials

Security researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials. This poses a huge security risk. Symantec’s Threat Hunter Team, a part of Broadcom Software, wrote in a report that “over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services.” […]

The post 1859 Apps Contain Hard-Coded AWS Credentials appeared first on IT Security Guru.

The 4 Most Common OWASP API Security Threats

The Open Web Application Security Project (OWASP) works to improve the security of software worldwide. OWASP’s well-known Top 10 lists increase awareness about the most critical security risks to web applications.   As the foundation for today’s app-driven economy, APIs have risen to the very top of those risks. API usage has exploded and has […]

The post The 4 Most Common OWASP API Security Threats appeared first on IT Security Guru.

LastPass Reveal Security Incident

Password management giant LastPass has revealed details of a security incident earlier this month in which proprietary information was stolen by threat actors. The company said that the intrusions took place two weeks ago. The firm said that the intrusion took place two weeks ago. “We have determined that an unauthorized party gained access to […]

The post LastPass Reveal Security Incident appeared first on IT Security Guru.

Cato Networks SASE Cloud: “leader” and “OutPerformer” in GigaOm SSA Radar

Cato Networks recently announced that it was named as a “Leader” and “Outperformer” by GigaOm in the analyst firm’s Radar Report for Secure Service Access (SSA), GigaOm’s term for SASE/SSE. The report’s comprehensive review evaluates the degree to which suppliers converge security and networking into a single, global platform. Cato is only SASE provider to […]

The post Cato Networks SASE Cloud: “leader” and “OutPerformer” in GigaOm SSA Radar appeared first on IT Security Guru.

Quantum Ransomware Attack Disrupts Government Agency in Dominican Republic

The Dominican Republic’s Instituto Agrario Dominicano (IAD) has suffered a Quantum ransomware attack. The attack encrypted multiple services and workstations throughout the government agency. The IAD is part of the Ministry of Agriculture and is responsible for executing Agrarian Reform programmes in the country. According to local media reports, the ransomware attack occurred on 18th […]

The post Quantum Ransomware Attack Disrupts Government Agency in Dominican Republic appeared first on IT Security Guru.

Fighting Cyber Attackers Earlier to Reduce Risk

We face an exciting evolution in the cybersecurity sector.  Attackers are becoming both more efficient and intelligent at evaluating their targets and successfully carrying out their intended campaigns. Often money is at the forefront of their minds but, as we have seen recently, drivers may also be geo-political or activist views. Whatever their motivations, financial […]

The post Fighting Cyber Attackers Earlier to Reduce Risk appeared first on IT Security Guru.

Transatlantic Cyber Security Business Network (TCBN) partners with International Cyber Expo 2022

Earlier this week it was announced that the Transatlantic Cyber Security Business Network (TCBN) have partnered with the International Cyber Expo 2022. The event, which runs from 27th-28th September at Olympia London, Kensington, will host 5000 delegates and over 100 leading cyber vendors. As part of the event, TCBN will host its own exhibit that […]

The post Transatlantic Cyber Security Business Network (TCBN) partners with International Cyber Expo 2022 appeared first on IT Security Guru.

Job Seekers Targeted in Lazarus Group Hack

The North Korea state-backed Lazarus Group has been observed to be targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. ESET, a Slovak cybersecurity firm, linked these events to a campaign dubbed “Operation In(ter)ception” that was first disclosed in June 2020 and involved using social engineering tactics to […]

The post Job Seekers Targeted in Lazarus Group Hack appeared first on IT Security Guru.

Over 8000 VNC instances left exposed, researchers find

Researchers have discovered 8000 exposed Virtual Network Computing instances, which could put numerous global organisations at risk of remote compromise. As a matter of fact, the instances were managed by critical infrastructure (CNI) organisations, who are responsible for water treatment plants, manufacturing plants and research facilities. With disabled authentication, malicious actors have the ability to […]

The post Over 8000 VNC instances left exposed, researchers find appeared first on IT Security Guru.

Feedzai with Lloyds Banking Group wins Aite-Novarica Fraud Impact Award

Feedzai has been named Best Transaction Fraud Monitoring and Decisioning Innovation in the Aite-Novarica Group 2022 Fraud Impact Innovation Awards. The award highlights how Feedzai empowers the bank’s data scientists to protect customers from scams and other fraud using a patented algorithm and providing a 360-degree entity view of payment risk. Due to its proficiency in […]

The post Feedzai with Lloyds Banking Group wins Aite-Novarica Fraud Impact Award appeared first on IT Security Guru.

Google Fined A$60million in Penalties For Misleading Users on Location Data

Alphabet Inc’s Google Unit was ordered by Australia’s Federal Court to pay A$60million in penalties for misleading users on collection of their personal location data, according to Australia’s competition watchdog. The court found that Google mislead some customers about their personal location data that was being collected through their Android mobile devices between January 2017 […]

The post Google Fined A$60million in Penalties For Misleading Users on Location Data appeared first on IT Security Guru.

Vulnerabilities Found in Xiaomi’s Mobile Payment Software

Vulnerabilities in Xiaomi’s mobile payment could lead to an attacker stealing private keys used to sign Chinese social media Wechat Pay control and payment packages. The flaws were found by Check Point Research (CPR) in Xiaomi’s trusted execution environment (TEE), the system element responsible for storing and managing sensitive information such as passwords and keys. […]

The post Vulnerabilities Found in Xiaomi’s Mobile Payment Software appeared first on IT Security Guru.

Meta Take Action Against Two Cyber Espionage Operations in South Africa

Action has been taken against two cyber espionage operations in South Africa, according to Meta. Action has been taken against Bitter APT and APT36. The announcement was made by the company last Thursday in its Quarterly Adversarial Threat Report, Second Quarter 2022. In the report, Meta’s Global Threat Intelligence Lead, Ben Ninmo, and Director of […]

The post Meta Take Action Against Two Cyber Espionage Operations in South Africa appeared first on IT Security Guru.

7-Eleven Stores in Denmark Close After Cyberattack

7-Eleven stores in Denmark closed their doors yesterday after a cyberattack disrupted store payment and checkout systems throughout the country. The attack occurred early on the 8th August, with the company posting on Facebook that they were likely “exposed to a hacker attack”. The translated statement says that the company has closed all the stores […]

The post 7-Eleven Stores in Denmark Close After Cyberattack appeared first on IT Security Guru.

CREST membership body announces OWASP Verification Standard programme

CREST, the international not-for-profit, membership body representing the global cyber security industry, in consultation with the Open Web Application Security Project (OWASP), has launched the OWASP Verification Standard (OVS), a new quality assurance standard for the global application security industry. CREST OVS provides mobile and web app developers with greater security assurance and accredited organisations […]

The post CREST membership body announces OWASP Verification Standard programme appeared first on IT Security Guru.

APIs attacked in 94% of companies in past year

Salt Security, the API security company, today released the Salt Labs State of API Security Report, Q3 2022. In its latest edition, the bi-annual report found that 94% of survey respondents experienced security problems in production APIs in the past year, with 20% stating their organisations suffered a data breach as a result of security […]

The post APIs attacked in 94% of companies in past year appeared first on IT Security Guru.

Armis aims to improve financial services cyber resilience with UK Finance membership

Armis, the unified asset intelligence platform, has joined the premier industry body for financial services in the UK, UK Finance, to help members tackle cybersecurity challenges stemming from managed or unmanaged connected assets in their environments. As an associate member, Armis says it will use the partnership to drive awareness of financial institutions’ risk exposures […]

The post Armis aims to improve financial services cyber resilience with UK Finance membership appeared first on IT Security Guru.

Ransomware Group Demand £500,000 From Bedfordshire School

Wooton Upper School in Bedfordshire suffered a ransomware attack this week, with hackers demanding £500,000 in ransom, according to reports. The attack also affected the Kimberley college for 16-19 year olds, with both members of the Wootton Academy Trust. The attack was said to be the work of the Hive ransomware group. The cybercriminals messaged […]

The post Ransomware Group Demand £500,000 From Bedfordshire School appeared first on IT Security Guru.

Microsoft Threat Intelligence Center Links Threat Group to Austrian Spyware Vendor DSRIF

Microsoft has linked the efforts of the threat group Knotweed to an Austrian spyware vendor. The group has so far used the malware dubbed ‘SubZero’ to attack groups in Europe and Central America. The Subzero malware, as used by Knotweed, can be used to hack a target’s phone, computers, network, and internet-connected devices. DSRIF markets […]

The post Microsoft Threat Intelligence Center Links Threat Group to Austrian Spyware Vendor DSRIF appeared first on IT Security Guru.

22 million US health records breached thus far in 2022

A new report from GlobalData estimates that up to 22 million US health records have been breached so far in 2022. The same report forecasts that spending on cybersecurity in the global healthcare industry will increase by nearly $400 million in the next 3 years. This increase is sorely needed in a sprawling industry which […]

The post 22 million US health records breached thus far in 2022 appeared first on IT Security Guru.

T-Mobile-US Agree To Pay $350m Settlement Over 2021 Cyberattack

T-Mobile-US has agreed to pay $350m to settle class action claims related to a 2021 cyber-attack which impacted approximately 80 million US residents. On Friday, in a filing with the Securities and Exchange Commission (SEC), it was explained that the money would be used to “fund claims submitted by class members, legal fees of plaintiffs’ […]

The post T-Mobile-US Agree To Pay $350m Settlement Over 2021 Cyberattack appeared first on IT Security Guru.

Teenager Jailed for Snapchat Blackmail Cybercrimes

A teenager who hacked Snapchat accounts and threatened to post nude images of women online to make money has been jailed for two years. Jasin Bushi, 18, took control of a series of women’s social media accounts, posing as the victim to message their friends. He claimed to be facing eviction and asked to borrow […]

The post Teenager Jailed for Snapchat Blackmail Cybercrimes appeared first on IT Security Guru.

The UK’s National Crime Agency Seized Millions of Pounds Worth of Cryptocurrency Last year

The UK’s National Crime Agency (NCA) seized millions of pounds worth of cryptocurrency last year as part of its efforts to crack down on serious and organised crime (SOC) and money laundering. In its annual report, the NCA, the UK agency dedicated to tackling SOC, revealed that during the period April 1st 2021 to March […]

The post The UK’s National Crime Agency Seized Millions of Pounds Worth of Cryptocurrency Last year appeared first on IT Security Guru.

Hacker Selling Twitter Account Data of Millions of Users

A threat actor used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million Twitter accounts. The data from the breach is now up for sale on a hacker forum for $30,000. A threat actor known as ‘devil’ said on a stolen data market that the database contains information […]

The post Hacker Selling Twitter Account Data of Millions of Users appeared first on IT Security Guru.