FIN11 e-crime group shifted to clop ransomware and big game hunting
Several the group’s recent ransom notes explicitly name data stolen from workstations that belong to top executives, including founders/CEOs.
About SC Media
Security News
Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles
President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical that the newfound funding focus on cybersecurity will be enough to draw the necessary talent. Noting…
NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks
NSA advises security pros to use designated enterprise DNS resolvers to lock down DoH on corporate networks.
Surge in remotely hosted phish images? Some say it’s business as usual
In Nov. 2020 alone, company blocked 262 million emails containing malicious, remotely hosted images.
Intel unveils ransomware-fighting CPUs
The capability is an easy win for CISOs, which can benefit with limited tweaks to machines.
With insured losses at $90 billion, did cyber insurance firms dodge financial calamity?
The number of SolarWinds victims will likely grow in the upcoming months, but direct insured costs should remain close to the current estimate since many of the organizations hit – particularly federal agencies – do not carry insurance against cyber risks.
Early-stage cybersecurity investment flowing, despite pandemic
While most industries saw a significant dip in seed and Series A investments last year, cybersecurity investment remained resilient.
CISA says multiple attacks on cloud services bypassed multifactor authentication
Threat actors have used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a so-called “pass-the-cookie” attack that bypassed multifactor authentication to exploit cloud security weaknesses.
Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers
The software essentially exempted Apple’s own programs from being routed through its Network Extension Framework, which the company created for third-party security products to monitor and filter network traffic.
Google: Attacker ‘likely’ had access to Android zero-day vulnerabilities
Google’s Project Zero this week introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.
Want to read more?
Next post in Mobile Security
