New Framework Aims to Describe & Address Complex Social Engineering Attacks
As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.Deepfake and related synthetic media technologies have helped attackers...
CISA Analysis Reveals Successful Attack Techniques of FY 2020
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.The Department of Homeland Cybersecurity and Infrastructure Security Agency...
How Dangerous Is Malware? New Report Finds It’s Tough to Tell
Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.Malware continues to challenge security teams, but those challenges...
Alleged Cybercriminal Arrested in Morocco Following Interpol Probe
The suspect operated under the name "Dr Hex" to target thousands of people through phishing, fraud, and carding activities.An alleged high-profile cybercriminal has been arrested in Morocco following an...
Researchers Learn From Nation-State Attackers’ OpSec Mistakes
Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.When security intelligence teams talk about human error,...
Microsoft Releases Emergency Patch for ‘PrintNightmare’ Vuln
It urges organizations to immediately apply security update, citing exploit activity.Microsoft has rushed out an emergency security update for "PrintNightmare," a critical remote code execution vulnerability present in all...
Fake Android Apps Promise Cryptomining Services to Steal Funds
Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.Researchers with the Lookout Threat Lab have identified multiple Android applications that steal...
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.Sometime after 14:30 UTC on Friday,...
SOC Investment Improves Detection and Response Times, Data Shows
A survey of IT and security pros finds many are confident in their ability to detect security incidents in near-real time or within minutes.More businesses are investing in their security...
Google Updates Vulnerability Data Format to Support Automation
The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of...
