Brett Winterford, regional chief security officer, APJ, Okta

Beating Clever Phishing Through Strong Authentication

Jeremy Kirk • November 23, 2022

Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems. But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta.

Cloud Security

Graphus' Amelia Paro on Why Phishing Has Exploded Since 2020

Latest

Fraud Management & Cybercrime

Cybercrime Forum Dumps Stolen Details on 5.4M Twitter Users

Mathew J. Schwartz • November 28, 2022

Information amassed on 5.4 million Twitter users by an attacker who abused one of the social network's APIs has been dumped online for free. While Twitter confirmed that breach, a researcher suggests other attackers also abused the feature to amass information for millions of other users.

Business Continuity Management / Disaster Recovery

Cyber Resilience Minimizes Risks for Digital Services

Brian Pereira • November 25, 2022

Cyber resilience extends beyond cyberattacks and encompasses the convergence of security and disaster recovery and takes into account other factors such as supply chain disruption, attacks on critical infrastructure, epidemics, market fluctuations, power outages, and natural disasters.

Governance & Risk Management

Tata Power Attack Linked to Bug in Nearly 20-Year-Old Server

Mihir Bagwe • November 23, 2022

Microsoft says vulnerabilities in outdated web servers are likely responsible for a cyberattack last month against Indian energy giant Tata Power. Attackers targeted Boa servers, which were discontinued in 2005, to potentially compromise Tata and other critical infrastructure organizations around the world.

Anti-Phishing, DMARC

Russian Hackers Now Offering Stealer as a Service

Akshaya Asokan • November 23, 2022

Security firm Group-IB has identified 34 hacking groups that are now selling a stealer-as-a-service model to spread infostealer malware and steal credentials from online gaming and payment accounts. The company advises organizations to be on the lookout for Raccoon and Redline infostealers.

Cyberwarfare / Nation-State Attacks

Russian KillNet Shuts Down EU Parliament Website With DDoS

Akshaya Asokan • November 23, 2022

Pro-Kremlin KillNet hackers took down the website of the European Parliament on Wednesday in a DDoS attack that came just hours after the legislative body declared Russia a terrorist state. The website was still down late in the day as part of a string of hacktivist attacks against allied nations.

Cyberwarfare / Nation-State Attacks

DOJ Closes Pig-Butchering Domains Tied to Crypto Scams

Prajeet Nair • November 23, 2022

The U.S. government seized seven fake cryptocurrency domains used in a confidence scam based on long-term emotional manipulation of victims that netted criminals more than $10 million. Perpetrators scammed five victims by spoofing the website of the Singapore International Monetary Exchange.

Targeting Healthcare

Healthcare Data Breaches Doubled in 3 Years: Here's Why

Marianne Kolbasuk McGee • November 23, 2022

Over 5,000 major health data breaches since 2009 have affected the personal information of 370 million people. Ransomware gangs and hackers are targeting healthcare providers, insurance firms and partners at an alarming rate. Experts explain why it's such a dangerous game.

Governance & Risk Management

US Army Banks on Cyber Defense Based on Zero Trust - Part 2

Rahul Neel Mani • November 23, 2022

The U.S. Army has embarked on its zero trust journey for both its information and network operations. Army CIO Dr. Raj Iyer shares how the military and the private sector are partnering to secure cloud infrastructure and solidify threat intelligence capabilities to fight adversaries.

Data Loss Prevention (DLP)

AGs Urge Apple to Tighten Health Privacy, Security in Apps

Marianne Kolbasuk McGee • November 22, 2022

Ten state attorneys general are urging Apple to address privacy and security gaps in third-party applications available on the App Store that track, collect or store reproductive health data. The letter comes as scrutiny intensifies over how large tech firms handle sensitive health data.

Next-Generation Technologies & Secure Development

ReliaQuest CEO Brian Murphy on Joining SecOps, Threat Intel

Michael Novinson • November 22, 2022

ReliaQuest customers have tailored Digital Shadows' threat intelligence to their organizations to ensure conversations about their brands or products are being captured, says CEO Brian Murphy. The security operations firm says the Digital Shadows deal has fortified its detection and response muscle.

Cybercrime

LockBit 3.0 Says It's Holding a Canadian City for Ransom

Mihir Bagwe • November 22, 2022

The nefarious LockBit 3.0 cybercriminal group is claiming responsibility for the ransomware attack that halted municipal services and shut down employee email accounts in Westmount, Quebec, giving the city a deadline of Dec. 4 to make an undisclosed ransom payment.

Fraud Management & Cybercrime

Authorized Payment Scams: Why Banks Are So Slow to Respond

Suparna Goswami • November 22, 2022

Banks are getting better at catching a wide range of scams targeted at customer accounts, but they are still struggling with stopping authorized payment fraud through peer-to-peer payment companies such as Zelle, says David Pollino, former divisional CISO with PNC Bank.