New data could help CISOs quantify the value of a strong security culture
Companies with a good security culture are 52x less likely to practice risky credential sharing than orgs with a poor security culture.
Companies with a good security culture are 52x less likely to practice risky credential sharing than orgs with a poor security culture.
Malwarebytes’ exposé of LazyScripter revealed that the group has operated since at least 2018, targeting International Air Transport Association (IATA) members, airlines and immigrants seeking employment in Canada. How significant are such findings? SC media spoke to researchers, who said Identifying a new actor is the first step in creating a defense.
Researchers at Kasperksy have tied a piece of malware used by Lazarus Group last seen targeting security vulnerability researchers earlier this year to another campaign by the North Korean hacking group focused on pilfering sensitive data from defense contractors.
The two email attacks employed a broad range of techniques to get past traditional email security filters and pass the “eye tests” of unsuspecting end users.
The threat actors are “quite clever” in using Google Alerts as an attack vector to prompt users to “update” Adobe Flash Player.
Better integration between email and web security systems could serve as a defense.
Future plans for the methodology include the incorporation of operational data gathered from multiple organizations.
At least tens of thousands of sensitive medical files were posted to a blog on the dark web that the hackers used to extort the two hospital chains.
Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders – often companies’ biggest security liabilities.
Depending on how widespread the compromises were, it could potentially taint some research and defensive strategies that threat intelligence firms share with businesses and other organizations.