- Sextortion Scams Now Include Photos of Your Homeby BrianKrebs on September 3, 2024 at 3:45 pm
An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.
- Owners of 1-Time Passcode Theft Service Plead Guiltyby BrianKrebs on September 2, 2024 at 4:46 pm
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers would enter the target’s phone number and name, and the service would initiate an automated phone call to the target that alerts them about unauthorized activity on their account.
- When Get-Out-The-Vote Efforts Look Like Phishingby BrianKrebs on August 28, 2024 at 11:55 pm
Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.
- New 0-Day Attacks Linked to China’s ‘Volt Typhoon’by BrianKrebs on August 27, 2024 at 2:26 pm
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.
- Local Networks Go Global When Domain Names Collideby BrianKrebs on August 23, 2024 at 2:12 pm
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.
- National Public Data Published Its Own Passwordsby BrianKrebs on August 19, 2024 at 4:23 pm
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.
- NationalPublicData.com Hack Exposes a Nation’s Databy BrianKrebs on August 15, 2024 at 10:38 pm
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida.
- Manufacturing Industry Faces Surge in Ransomware Attacks in 2024by Brenda Robb on September 6, 2024 at 12:49 pm
Ransomware attacks on the manufacturing industry are rising, with notable cases at MKS Instruments, Brunswick Corporation, Simpson Manufacturing, and The Clorox Company. Learn about the financial and operational impacts and why manufacturers are prime targets for cybercriminals.
- The State of Ransomware 2024by Brenda Robb on September 2, 2024 at 1:32 pm
BlackFog’s state of ransomware report measures publicly disclosed and non-disclosed attacks globally.
- Enterprise Ransomware Protection: Why it Mattersby Brenda Robb on September 2, 2024 at 10:05 am
Why must enterprise ransomware protection be a critical component of any firm’s cyber security strategy?
- TAG Blog Series 1 – How ADX Supports and Implements Policyby Darren Williams on September 2, 2024 at 8:30 am
Implementing Anti Data Exfiltration (ADX) solutions is critical for enterprise security. This article provides guidance on establishing effective ADX deployment policies, with a focus on aligning them with business objectives and threat perceptions. Highlighting BlackFog’s ADX solution, it explores proactive strategies to prevent data exfiltration, offering valuable insights for practitioners aiming to enhance their security posture.
- 5 Steps to Ensure Your Enterprise Data Securityby Brenda Robb on August 30, 2024 at 7:56 am
Why do enterprise data security strategies need to evolve to cope with a new range of threats?
- Ransomware Recovery: Key Steps Every Firm Should Knowby Brenda Robb on August 27, 2024 at 9:24 am
What should businesses keep in mind in order to develop an effective ransomware recovery plan?
- Ransomware Focus: LockBit Attacks in 2024by Rebecca Harpur on August 24, 2024 at 12:16 pm
Latest information on all LockBit attacks both disclosed and undisclosed in 2024
- Cyber Security Operation Center Guidelines for best practices SOC Designby Cyber Security Consultant on January 30, 2024 at 4:32 pm
Cyber Security is become most needed services for all business and industries in 2024. Every business is concerned about Cyber Security. Security operations (SecOps) leaders face a multifaceted challenge: detecting elusive and novel threats using outdated tools, mitigating the risks posed by unexplored dark data, and managing the resource-intensive nature of staying ahead of evolving
- HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001by Cyber Security Consultant on January 26, 2023 at 11:21 am
ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001 Learn and get certified as a professional in implementation of ISO 27001 standard through our self-paced E-learning interactive course which comprises of 4 modules. Upon completion of these modules, you can appear for an examination and get certified as
- YouTube disrupted in Pakistan as former PM Imran Khan streams speechby Cyber Security Consultant on August 22, 2022 at 5:04 am
NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA). Real-time network data show the disruption in effect on
- Recommendations for Parents about Cyber Bullyingby Cyber Security Consultant on October 20, 2021 at 6:36 am
Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior. Here are the suggestions parents should take into account regarding kids online. • Talk with your kids about online safety and
- WhatsApp, Facebook, Instagram server down in Pakistan?by Cyber Security Consultant on October 4, 2021 at 5:32 pm
Facebook-owned social media platforms, WhatsApp, Facebook, and Instagram are facing a worldwide outage, according to Downdetector, which offers real-time status and outage information for all kinds of services. .https://d-31038805491725975734.ampproject.net/2109102127000/frame.html Downdetector showed that WhatsApp outage was reported at 8:23 pm (Pakistan Standard Time) and it shot up to 1,082 complaints by 8:38 pm. The website mentioned that
- Cloudflare reports record-breaking HTTP-request DDoS attackby Cyber Security Consultant on August 22, 2021 at 7:26 pm
Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17.2 million requests per second, the company wrote in a blog post. For scale, the entirety of the Cloudflare network typically sees around 25 million requests per second
- Microsoft announces recipients of academic grants for AI research on combating phishingby Cyber Security Consultant on June 19, 2021 at 3:34 pm
Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the security that needs to be built into these technologies