In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how ransomware affiliates change operators and why terrorists aren't launching massive cyberattacks.
"Silence is gold." So says ransomware operator Ragnar Locker, as it attempts to compel victims to pay its ransom demand without ever telling anyone - especially not police. But some ransomware-battling experts have been advocating the opposite, including mandatory reporting of all ransom payments.
Attackers are actively exploiting a flaw in Microsoft Windows for which no patch is yet available. Microsoft has issued workarounds and mitigations designed to block the zero-day attack for the flaw in the MSHTML browsing engine, which is being exploited via malicious Microsoft Office documents.
The Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."
As the United States heads into a holiday weekend, experts are warning that ransomware-wielding attackers are sure to unleash crypto-locking chaos in the coming days, with Conti ransomware attacks in particular having been rising sharply in recent weeks.
The operators of LockFile ransomware have adopted new techniques, including "intermittent encryption," to help evade detection, according to cybersecurity firm Sophos.
As the last U.S. military flight lifted off Tuesday evening from the airport in Kabul, Afghanistan, what's been left behind reportedly includes a vast trove of biometric data that could be used to identify - including for interrogation or execution - individuals who assisted the occupying NATO forces.
Researchers have released details of a serious vulnerability in Microsoft's Exchange email server, nicknamed "ProxyToken." The bug, which was patched by Microsoft in April, could be exploited to copy emails from Exchange inboxes.
By some estimates, the managed security services business is expected to grow by 50% between 2020 and 2025. And a huge part of that growth will by XDR, says Colin O'Connor, COO of ReliaQuest. He explains why XDR is far more than just vendor hype.
The cybersecurity firm IronNet, founded and led by retired Army Gen. Keith Alexander, has gone public without an IPO by merging with LGL Systems Acquisitions Corp., a "blank check" shell company formed to handle such mergers. Meanwhile, Checkpoint has announced plans to acquire the email security firm Avanan.
Although research firm Gartner forecasts that spending on cybersecurity will surpass $150 billion in 2021, "the proportion of investment going to companies raising investment for the first time is significantly down," says Saj Huq, director of cyber innovation at Plexal, a center for innovation in the U.K.
A vulnerability in Microsoft Azure's database service Cosmos DB has potentially put at risk thousands of Azure customers, including many Fortune 500 companies, according to the security firm Wiz. Microsoft has mitigated the flaw.
In the latest weekly update, four editors at Information Security Media Group discuss timely cybersecurity issues, including cryptocurrency exchange hacks and the cyber implications of the U.S. withdrawal from Kabul.
Accreditation organization CREST has concluded an investigation into whether NCC Group employees cheated on its penetration-testing exams, finding that the cybersecurity business's training materials violated its rules. It says NCC Group has agreed to overhaul its processes and demonstrate compliance.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.