What is Black Basta? Black Basta is a relatively new family of ransomware, first discovered in April 2022. Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations – fir…
Tag: IT Security and Data Protection
Security Bloggers, Security Vendor News
Penetration Testing in 2022: Key Trends and Challenges
by Tripwire Guest Authors •
Just when you thought that we couldn’t be any more integrated with (and dependent on) technology, the Covid pandemic swooped in to prove otherwise. The rise in the use of applications and devices to perform even basic functions pushed companies and end…
Security Bloggers, Security Vendor News
Are Protection Payments the Future of Ransomware? How Businesses Can Protect Themselves
by Tripwire Guest Authors •
Ransomware has matured significantly over the previous decade or so. Initially thought to be a relatively basic virus that could be contained on a floppy disk, it can now damage global business infrastructures, stop healthcare systems dead in their tra…
Security Bloggers, Security Vendor News
The actual cost of a breach – reputation, loss of customers, fines, suspension of business
by Tripwire Guest Authors •
According to IBM’s Cost of a Data Breach report, in 2021 data breach costs rose from $3.86 million to $4.24 million, exhibiting the highest average total cost in the 17-year history of their report. A new report from the Department for Culture, Media, …
Security Bloggers, Security Vendor News
Q1 2022 Phishing Threat Trends and Intelligence Report
by Tripwire Guest Authors •
In 2022, phishing attacks have not only increased substantially, but they have also taken a new turn of events. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered throu…
Security Bloggers, Security Vendor News
Interpol arrests thousands of scammers in operation “First Light 2022”
by Graham Cluley •
Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation that seized tens of millions of dollars and saw more than 2000 people arrested. Operation “First Light 2022”, …
Security Bloggers, Security Vendor News
Grooming lies and their function in financial frauds
by Martina Dove •
Grooming techniques used in various frauds are getting more common and more elaborate. Fraudsters are coming up with narratives that involve complicated lies and may have different stages, depending on the type of fraud. Often, different actors are bro…
Security Bloggers, Security Vendor News
The State of Security: Ransomware
by Tripwire Guest Authors •
Sophos Labs recently released its annual global study, State of Ransomware 2022, which covers real-world ransomware experiences in 2021, their financial and operational impact on organizations, as well as the role of cyber insurance in cyber defense. T…
Security Bloggers, Security Vendor News
Apple protected App Store users from $1.5 billion fraud last year
by Graham Cluley •
Apple says that it protected many millions of users from being defrauded to the tune of nearly $1.5 billion dollars in the last year, by policing its official App Store. According to a newly published report by Apple, over 1.6 million risky and untrust…
Security Bloggers, Security Vendor News
Ransomware demands acts of kindness to get your files back
by Graham Cluley •
The great thing about working in the world of cybersecurity is that there’s always something new. You may think you’ve seen it all, and then something comes along that completely surprises you. And that’s certainly true of the GoodWil…
Security Bloggers, Security Vendor News
Why the Cybersecurity Industry Needs to Change Its Siloed Perception
by Tripwire Guest Authors •
As high-profile data theft incidents continue to rise and become more sophisticated, there is a greater-than-ever need for emerging businesses to take their cybersecurity seriously. So, why do many entrepreneurs and “startup unicorns” consider it the t…
Security Bloggers, Security Vendor News
Phishing gang that stole over 400,000 Euros busted in Spain
by Graham Cluley •
Spanish police say that they have dismantled a phishing gang operating across the country, following the arrest of 13 people and the announcement that they are investigating a further seven suspects. According to police, the phishing ring defrauded som…
Security Bloggers, Security Vendor News
Your social media account hasn’t been hacked, it’s been cloned!
by Tyler Reguly •
A recent Facebook post from a family member made me realize that I needed to write about an overused term. A term, that when used, causes chaos and concern. I don’t blame the family member for using it, I’ve seen it used hundreds of times over the past…
Security Bloggers, Security Vendor News
2022 Q1 Privacy Update — A new year sparks new initiatives
by Tripwire Guest Authors •
The first months of 2022 began slowly for privacy, but by the end of the first quarter we had our marching orders for the rest of the year. In the U.S., we saw an explosion of state privacy bills being put forward (again), the Senate utilized a seldom …
Security Bloggers, Security Vendor News
Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage
by Anastasios Arampatzis •
Cyber-attacks are becoming more sophisticated and devastating, especially for small and medium enterprises (SMEs). With ransom demands rising and the cost of data breaches soaring, businesses are investing heavily in building their cyber defenses. Howe…
Security Bloggers, Security Vendor News
$43 billion stolen through Business Email Compromise since 2016, reports FBI
by Graham Cluley •
Over US $43 billion has been lost through Business Email Compromise attacks since 2016, according to data released this week by the FBI. The FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement on May 4 2022, sharing u…
Security Bloggers, Security Vendor News
World Password Day is Dead. Long Live World Password Day!
by Tim Erlin •
In 2002 I sat in a local bookstore in Jackson Hole, WY that offered a few Internet-connected computers for hourly use. After chatting with the owner and petting the resident store dog, I took a few guesses at the password protecting these computers. It…
Security Bloggers, Security Vendor News
May The Fourth Be with You: Jedi Mind Tricks and Scams
by Tyler Reguly •
Over the past few years, I’ve used Star Wars Day as a way to talk about two of my favourite things – Star Wars and cybersecurity. I wrote about scammers in 2020 and IoT in 2021, and I really thought I’d write about IoT again this year. After all, there…
Security Bloggers, Security Vendor News
OSINT: The privacy risks of sharing too much information
by Tyler Reguly •
In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal …
Europe, Global Security News, North America
Ransomware costs show prevention is better than the cure
by Graham Cluley •
If your company is worried about the financial hit of paying a ransom to cybercriminals after a ransomware attack, wait until they find out the true cost of a ransomware attack. Because the total costs of recovering from the ransomware attack are likel…
Security Bloggers, Security Vendor News
REvil reborn? Notorious gang’s dark web site redirects to new ransomware operation
by Graham Cluley •
Sometimes referred to as Sodinokibi, the notorious REvil ransomware-as-a-service (RAAS) enterprise was responsible for a series of high profile attacks against the likes of the world’s biggest meat supplier JBS Foods and IT service firm Kaseya. H…
Security Bloggers, Security Vendor News
What Makes Telecommunication Companies Such a Fertile Ground for Attack?
by Jeannine Balsiger •
Telecommunication is the first, and most robust network ever invented. This may seem like a brazen and bold statement, but when examined closely, it is not the stuff of fantasy. Prior to the invention and development of the internet, what o…
Security Bloggers, Security Vendor News
Ultimate Guide to CPRA for US Businesses
by Tripwire Guest Authors •
To say that data governance and data compliance are rapidly becoming areas of immense strategic importance for businesses would be an understatement. Governments worldwide already have data protection laws in place or are busy drafting these laws. More…
Security Bloggers, Security Vendor News
Companies are more prepared to pay ransoms than ever before
by Graham Cluley •
A new report, which surveyed 1200 IT security professionals in 17 countries around the world, has shone a light on a dramatic rise in the number of organisations willing to pay ransoms to extortionists. The ninth annual Cyberthreat Defense Report (CDR)…
Security Bloggers, Security Vendor News
Out of Band (OOB) Data Exfiltration via DNS
by Tyler Reguly •
Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Ban…
Security Bloggers, Security Vendor News
World Backup Day: Simplicity and Patience is Key
by Bob Covello •
A few months ago, a popular cybersecurity news organization posted an urgent notice on social media seeking help to recover their data after their blog was deleted. They announced that they had no backups and they were desperately trying to contact th…
Security Bloggers, Security Vendor News
What Trust and Compliance Looks Like in a Cookieless Digital World
by Tripwire Guest Authors •
Originally envisaged as a convenient way to store web data, cookies emerged as a powerful marketing tool in the 2000s. For many years, digital marketers relied on cookies for data collection. However, in recent history, new privacy laws, browser featur…
Security Bloggers, Security Vendor News
What Is Multi-Factor Authentication, and What Does It Have to Do with You?
by Zoë Rose •
Security isn’t a simple matter of caring or spending time reading manuals or being told what you can or can’t do. Security is understanding how to view the world from a different perspective: instead of functional does it work, viewing it as how can I …
Europe, Global Security News, North America
AvosLocker ransomware – what you need to know
by Graham Cluley •
What is this AvosLocker thing I’ve heard about? AvosLocker is a ransomware-as-a-service (RaaS) gang that first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sec…
Security Bloggers, Security Vendor News
As tax deadlines approach, Emotet malware disguises itself in an IRS email
by Graham Cluley •
Security researchers have warned that they have seen a number of malicious email campaigns which pose as communications from the Internal Revenue Service (IRS).
Europe, Global Security News, North America
Ragnar Locker ransomware – what you need to know
by Graham Cluley •
What is this Ragnar Locker thing I’ve heard about? Ragnar Locker is a family of ransomware, which first came to prominence in early 2020 when it became notorious for hitting large organisations, attempting to extort large amounts of cryptocurrency from…
Security Bloggers, Security Vendor News
Creating Your Disaster Recovery Action Plan
by Tripwire Guest Authors •
Perhaps Disaster Recovery (DR) isn’t one of the hot terms like the Internet of Things (IoT) or Hybrid Cloud, but I would argue that re-examining your DR plan now might be one of the most important IT management initiatives on which you can focus your e…
Security Bloggers, Security Vendor News
Manufacturing was the top industry targeted by ransomware last year
by Graham Cluley •
Global supply chains are bearing the brunt of ransomware attacks, according to a new report that finds manufacturing was the most targeted industry during 2021. Knocking financial services and insurance off the top of the heap after a long reign, the m…
Security Bloggers, Security Vendor News
Inclusive Awareness is the Key to Effective Cybersecurity: An Interview with Jenny Radcliffe
by Joe Pettit •
In the early years of cybersecurity, it was often said that people are the weakest link. This did nothing to encourage support, as it was insulting and demeaning. The new and better way to inspire people towards a cybersecurity mindset is to engag…
Security Bloggers, Security Vendor News
Observation vs. Monitoring: What’s the Difference in the World of Cybersecurity
by Chris Hudson •
I took note of the recent uptick in discussions about the concept of observation in the IT world and found myself compelled to come back to the topic, which I’ve touched on previously in my blog posts. “Observability” is seemingly synonymous with “moni…
Security Bloggers, Security Vendor News
Email Security Trends Coming in 2022
by Tripwire Guest Authors •
Organizations are under constant threat of cybercrime. While there are many available attack vectors, email is the most obvious path towards a full network compromise. The notion that email security should be prioritized is emphasized during …
Security Bloggers, Security Vendor News
The Changing State of Cybersecurity: 5 Data-Backed Predictions
by Tripwire Guest Authors •
Cybersecurity is never static, and that’s especially true today. After widespread and frequent disruptions in the past few years, the cyber defense landscape is shifting. Favored attack vectors are changing, new threats are emerging, and organizations …
Security Bloggers, Security Vendor News
How to Take Care of Yourself When Things Go Wrong: Self-Care Tips When Dealing with a Cyber Attack
by Tripwire Guest Authors •
One very predictable part of cybersecurity is that the work is unpredictable. There are routines that help to create a predictable rhythm, but you don’t necessarily know when the next attack will come, how intense it will be when it does, or when …
Security Bloggers, Security Vendor News
Government agencies warn of sophisticated, high-impact ransomware
by Graham Cluley •
A surge in “sophisticated, high impact” ransomware attacks has prompted the United States’s Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), and the Australian Cyber Securi…