Announcements


Cyber Security News Update – Week 2 of 2022

Cyber Security News Update – Week 2 of 2022

The first week of the year is not without cybersecurity updates, and we bring to you the most relevant of these security headlines. Here are the updates from this past week.

 

Supply Chain Attacks Target Real Estate Websites

Supply chain attacks are known to sabotage organizational networks, and these attacks have increased late. The most recent targets of these attacks are real estate websites. Popular real estate listing website Sotheby’s was a victim of a supply chain attack where attackers deployed a skimmer on the cloud video platform it uses – Brightcove. Consequently, all videos projected on its website (via Brightcove video player) were infected. All websites importing real estate property videos from Sotheby also had their websites compromised by the payment card details stealing skimmer. Interestingly, this scam has been ongoing for a year and has only recently come to light.

(more…)

Cyber Security News Update – Week 1 of 2022

Cyber Security News Update – Week 1 of 2022

Here are the top cybersecurity headlines this week to help you understand what’s going on in the cyber world and how you can plan to strengthen your organization’s security posture in 2022.

 

K-12 Cybersecurity Act Becomes Law

US President Joe Biden recently signed the K-12 Cybersecurity Act into law which will add to the efforts at strengthening the cybersecurity of the K-12 educational institutions. The newly passed law will require the CISA director to analyze the cybersecurity risks facing K-12 schools within 120 days of the act being passed. The CISA director will also have to explore the possible cybersecurity challenges faced by these K-12 schools, including securing information systems, implementing cybersecurity protocols, and protecting sensitive employee and student and employee data.

(more…)

Cyber Security News Update – Week 51-2 of 2021

Cyber Security News Update – Week 51-2 of 2021

This week’s major cyber news headlines reflect the cybersecurity warnings being circulated ahead of the Christmas holidays and a host of other significant updates. Here are the most important of those security updates.

 

Imperva Reports a Surge in Web Application Attacks

Renowned security vendor Imperva recently released a cybersecurity analysis report highlighting that there have been over 4.7 million web application attacks since October 2019. Imperva’s findings reveal that web-app attacks are increasing by 22% every quarter. Data breaches in the UK have increased significantly because of the rising attacks on businesses (increased by 250% between October 2019 and the present day).

(more…)

Cyber Security News Update – Week 51 of 2021

Cyber Security News Update – Week 51 of 2021

This week’s cybersecurity headlines are proof that vulnerabilities should be patched the moment they are reported. Here are the top headlines this week that re-emphasize the need to heed security warnings by law enforcement.

 

Scandinavian Hotel Chain-Nordic Choice Has The Hardest Time Checking Guest In

Having caused much disruption in Ireland’s Health Service Executive (HSE) and the US-based Broward County Public Schools, the Conti ransomware group has now targeted a Scandinavian hotel chain. While the hotel – Nordic Choice, has no plans to negotiate with the attackers, it suspects a theft of its guests’ personally identifiable information (PII). As a result of the attack, guests are also struggling to check in because the reservations system at over 200 Nordic Choice locations remains affected. All procedures related to check-in, new room key creation, check-out, etc., were affected, which compelled the hotel staff to escort guests to their rooms.

(more…)

Cyber Security News Update – Week 50 of 2021

Cyber Security News Update – Week 50 of 2021

The cyber realm has progressed much over the last week; here is the compilation of the top cybersecurity headlines from the past seven days.

 

UK Government Passes New Cybersecurity Bill

The general notion among consumers of electronic goods today is that a seller or manufacturer does a good job of ensuring their security from cyberattacks. More often than not, this isn’t true. Of late, cyber adversaries have been intruding into netizens’ private and public spaces – right from attacks on their organizational networks to home systems such as smart TVs, CCTVs, baby monitors, etc. The United Kingdom government has implemented the Product Security and Telecommunications Infrastructure (PSTI) Bill as a corrective measure. The PSTI bill mandates all manufacturers and sellers of IoT devices to abide by cybersecurity protocols and protect the privacy of Britons.

(more…)

Cyber Security News Update – Week 48 of 2021

Cyber Security News Update – Week 48 of 2021

Threat actors continue to launch cyber attacks on organizations around the world. This week’s headlines cover some of these, among other cyber news.

 

If You Have The SoSafe App, Then This Should Interest You

Pakistan-based threat actors running the GravityRAT remote access trojan have recently developed a chat application called SoSafe chat which spreads malware under the disguise of a ‘safe messaging platform.’ Cybersecurity experts say that the malware is currently targeting high-profile individuals from India. Although the download link and registration for this malicious site remain un-operational, it is very much online.

(more…)

Cyber Security News Update – Week 45 of 2021

Cyber Security News Update – Week 45 of 2021

The bygone week has been eventful in the cybersecurity realm. Here are the major cyber updates from across the globe

 

Unknown Threat Actor Exploits Vulnerability in BillQuick Web Suite

BillQuick Web Suite is a popular US-based billing system developed by BQE Software and has over 400,000 users globally. Unfortunately, it was targeted by a critical SQL injection bug recently deployed by an unidentified ransomware group. The vulnerability has been dubbed CVE-2021-42258 and allows adversaries to gain initial access to customers’ BillQuick data and infect the windows server with malicious commands. All the adversaries need to do is make login requests using invalid characters.

(more…)

Cyber Security News Update – Week 44 of 2021

Cyber Security News Update – Week 44 of 2021

The pandemic has fueled the use of online applications and services. And even malicious actors are well aware of it, who continue to launch cyberattacks to rob you of your information or monetary assets. This week’s headlines cover how a group of cyber adversaries conned people over a dating app in South Africa, among other significant cyber developments worldwide.

(more…)

Cyber Security News Update – Week 42 of 2021

Cyber Security News Update – Week 42 of 2021

This week’s cybersecurity headlines have had significant updates related to recent acquisitions, patches, and adversary actions. Here are the most important of those cyber news headlines:

 

Apache Fixes Severe Vulnerabilities

In an abundance of caution, Apache has released patches for two cybersecurity vulnerabilities in its HTTP server. Adversaries actively exploited the vulnerabilities related to path traversal and file disclosure until 29th September, when Apache discovered the same in Apache HTTP Server 2.4.49.

(more…)

Cyber Security News Update – Week 40 of 2021

Cyber Security News Update – Week 40 of 2021

As the scope of digitization is rising, so are the cyber threats associated with it. This has essentially given threat actors a goldmine wherein users’ details such as their names, addresses, social security numbers, etc., and other critical data, including financial details, is the metaphorical gold for them of which they can’t seem to have enough. This week’s headlines discuss these cyber threats that have affected people worldwide.

(more…)

Cyber Security News Update – Week 39 of 2021

Cyber Security News Update – Week 39 of 2021

Implementing cybersecurity is a collective responsibility wherein every member has to play their part in maintaining confidentiality, integrity, and availability of the organization’s information assets at large. This includes keeping oneself abreast of the latest happenings in the cyber world to keep one step ahead of threat actors at all times. Here are the most relevant cybersecurity headlines this week, highlighting the progress made by both the good and the bad (malicious) actors.

(more…)

Cyber Security News Update – Week 38 of 2021

Cyber Security News Update – Week 38 of 2021

A global cybersecurity firm reported that one-third of suspicious emails marked by employees were indeed malicious ones that may have attempted to phish the users of their PII (Personally Identifiable Information) and other critical organizational information. This indicates how crucial cybersecurity awareness training can prove to be in tackling the global menace of growing cybercrime. Here are this week’s cyber news headlines that cover a tech giant patching critical vulnerabilities, one country blaming another for launching cyberattacks against them, and more.

(more…)

Cyber Security News Update – Week 37 of 2021

Cyber Security News Update – Week 37 of 2021

A disgruntled employee can be as severe a threat as the threat actor who wants to steal confidential information for various illegitimate purposes. This week’s headlines cover how an employee proved to be an insider threat and other such pieces, implying the importance of keeping a robust and comprehensive email security posture and why organizations need to keep cybersecurity among their top priorities.

(more…)

Pin It on Pinterest