New data could help CISOs quantify the value of a strong security culture
Companies with a good security culture are 52x less likely to practice risky credential sharing than orgs with a poor security culture.
About SC Media
Phishing
Old foe or new enemy? Here’s how researchers handle APT attribution
Malwarebytes’ exposé of LazyScripter revealed that the group has operated since at least 2018, targeting International Air Transport Association (IATA) members, airlines and immigrants seeking employment in Canada. How significant are such findings? SC media spoke to researchers, who said Identifying a new actor is the first step in creating a defense.
ThreatNeedle malware tied to year-long North Korean espionage campaign against global defense industry
Researchers at Kasperksy have tied a piece of malware used by Lazarus Group last seen targeting security vulnerability researchers earlier this year to another campaign by the North Korean hacking group focused on pilfering sensitive data from defense contractors.
Hackers hit 10,000 mailboxes in phishing attacks on FedEx and DHL Express
The two email attacks employed a broad range of techniques to get past traditional email security filters and pass the “eye tests” of unsuspecting end users.
Google Alerts used to launch fake Adobe Flash Player updater
The threat actors are “quite clever” in using Google Alerts as an attack vector to prompt users to “update” Adobe Flash Player.
Phishing campaign alters prefix in hyperlinks to bypass email defenses
Better integration between email and web security systems could serve as a defense.
NIST hints at upgrades to its system for scoring a phish’s deceptiveness
Future plans for the methodology include the incorporation of operational data gathered from multiple organizations.
Conti ransomware gang tied to latest attacks on hospitals in Florida and Texas
At least tens of thousands of sensitive medical files were posted to a blog on the dark web that the hackers used to extort the two hospital chains.
Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’
Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders – often companies’ biggest security liabilities.
Google discloses spearphishing targeting security researchers
Depending on how widespread the compromises were, it could potentially taint some research and defensive strategies that threat intelligence firms share with businesses and other organizations.
Want to read more?
Next post in Security News
