Cyber Insurance Is Not a Substitute for Cybersecurity
www.crowdstrike.com/blog/why-cyber-insurance-is-not-a-substitute-for-cybersecurity/ Attacks are increasing in frequency, ransom demands are rising, and the cyber insurance industry has reached a crossroads where victims of a ransomware attack cannot use cyber insurance as a substitute for inadequate cybersecurity solutions and practices.
Subscription ransomware – Zeppelin ransomware comes back to life
www.bleepingcomputer.com/news/security/zeppelin-ransomware-comes-back-to-life-with-updated-versions/ The developers of Zeppelin ransomware have resumed their activity after a period of relative silence that started last fall, and have started to advertise new versions of the malware. The ransomware's earning model is a bit more interesting in that it includes a cut for the developers and a subscription model for regular customers.
Indonesian govt blocks access to RaidForums hacking forum after data leak
www.bleepingcomputer.com/news/security/indonesian-govt-blocks-access-to-raidforums-hacking-forum-after-data-leak/ The Indonesian government is blocking access to the RaidForums hacking forum after the alleged personal information of Indonesian citizens was posted online. On Friday, a newly registered forum member posted what they claim is a database containing 200 million records of personal information for Indonesian people.
VPN Android apps: What you should know
newsblur.com/site/6289490/malwarebytes-labs In just the past year, free VPN for Android apps have exposed the data of as many as 41 million users. Investigations into one of those free VPN Android apps also revealed that it may have been part of a larger web of Android VPNs all operating under the same company.
Romcon: How romance fraud targets older people and how to avoid it
www.welivesecurity.com/2021/05/24/rom-con-romance-fraud-older-people-avoid/ Online dating scams often follow the same script. Here’s what senior citizens should watch out for and how their younger relatives can help them avoid falling victim.
How scammers have been targeting ArtStation freelancers
www.kaspersky.com/blog/artstation-job-scam/39999/ The pandemic has left tens of millions of people around the world effectively jobless, and scammers, never ones to miss an opening, have been targeting freelancers and job seekers more frequently. Today, we look at an unusually sophisticated scam aimed at artists and designers.
Key Takeaway from the Colonial Pipeline Attack
blogs.cisco.com/security/key-takeaway-from-the-colonial-pipeline-attack In the Cisco Blog, Vikram Sharma describes the Colonial Pipeline attack and some measures that could have helped prevent it.
What Every Incident Response Plan Needs
securityintelligence.com/articles/what-every-incident-response-plan-needs/ The enterprise can only do so much to prevent malicious actors from breaking into networks. It needs to be able to detect, respond to and shut down an attack chain that’s in progress. NIST, along with others, has already come up with guides containing incident response recommendations. You don’t need to follow every one of those guidelines. Instead, use those best practices as a starting place from which you can create a custom plan.
Bluetooth flaws allow attackers to impersonate legitimate devices
kb.cert.org/vuls/id/799380 Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks.
Apple fixes three zero-days, one abused by XCSSET macOS malware
www.bleepingcomputer.com/news/security/apple-fixes-three-zero-days-one-abused-by-xcsset-macos-malware/ Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections.