Author: Blog

We’re excited to share that Nozomi Networks has secured the cybersecurity leadership position for our record pace of growth and innovation in the Frost Radar: 2019 Growth, Innovation & Leadership report.

United Nations experts are calling for an investigation after a forensic report said Saudi officials “most likely” used a mobile hacking tool built by the NSO Group to hack into the Amazon founder Jeff Bezos’ phone.

The intelligence in this week’s iteration discuss the following threats: APT40, APT28, data-breach, Trickbot, phishing, targeted attacks, JhoneRAT, Pegasus. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

More and more people are flocking to a wide variety of careers in IT, thanks mostly to the high pay, plentiful advancement opportunities, and an exciting atmosphere that offers new challenges every day.

Octi has created a new social network that uses augmented reality to connect the act of seeing your friends in real life with viewing digital content like their favorite YouTube videos and Spotify songs.

Placer.ai, a startup that analyzes location and foot traffic analytics for retailers and other businesses, announced today that it has closed a $12 million Series A. The round was led by JBV Capital, with participation from investors including Aleph, Reciprocal Ventures and OCA Ventures.

ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.

As reported by SC Magazine, hackers are actively exploiting a zero day vulnerability in Internet Explorer, prompting a warning from the Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA). “Microsoft is aware of limited targeted attacks” in a remote code execution (RCE) vulnerability [CVE-2020-0674] in the scripting engine of Internet Explorer across all versions of Windows that would let a hacker obtain the same rights as a current user, Microsoft warned Friday.

Written by Sean Lyngaas
Jan 22, 2020 | CYBERSCOOP

The 2017 WannaCry-fueled shutdown of a car facility and other high-profile infections make ransomware too big to ignore for the manufacturing sector. But while factory operators reckon with their security weaknesses, they sometimes lack information on how and why their networks attract the interest of digital thieves.

At a campaign event in southeastern Iowa in December, a graduate student named Charlotte Moser was waiting to ask Sen. Elizabeth Warren a question. As we sat and talked in a crowded union hall before the event began, Charlotte told me she felt a little guilty that it wasn’t about Warren’s plans or policies. But what she really wanted to know, she said, was how Warren coped with sexism on the campaign trail. “She’s faced a lot of that recently — being called elitist and unlikable and angry,” she said.

New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook. FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims.

Written by Shannon Vavra
Jan 22, 2020 | CYBERSCOOP

The Secret Service has recently hand-picked a small group of private-sector cybersecurity experts to advise the agency’s investigations team on how it can better take down cybercriminals, CyberScoop has learned.

One of the lasting impacts of GDPR, the European privacy regulation that went into effect in May of 2018, has been that the security function has gained an awareness of privacy. Privacy now carries with it a risk weight that has to be part of every conversation around policies and standards, says Ken Foster, head of global cyber risk governance at First Data, a global leader in commerce-enabling technology serving 4,000 companies in more than 100 countries around the world. But what’s keeping Foster up at night? The unintentional insider. His burning question: “How do we get people to pay attention?”

Lawmakers in the US State of Maryland are debating a new bill that would make it illegal to own and distribute ransomware, and stiffens punishment for ransomware operators.

Blossom Capital, the early-stage VC firm co-founded by ex-Index Ventures and LocalGlobe VC Ophelia Brown, is announcing a second fund, less than 12 months since fund one was closed.

If your business accepts credit card payments, then you need to comply with PCI-DSS standards. PCI-DSS stands for Payment Card Industry Data Security Standard. These are sets of rules established to protect against credit card fraud, hacking, and other security breaches. Credit card issuers and companies that store, process, and transmit card information implement the rules defined by the PCI-DSS. Here’s what you need to know about these standards.

The last half of 2011 was for me an my team a really, really tough time.

New Delhi is inching closer to recommending regulations that would require social media companies and instant messaging app providers operating in the nation to help law enforcement agencies identify users who have posted content — or sent messages — it deems questionable, two people familiar with the matter told TechCrunch.

Software firm is “aware of limited targeted attacks” exploiting a scripting issue vulnerability in Internet Explorer 9, 10, and 11 that previously has not been disclosed.