May 2021

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.

Read More Using Fake Reviews to Find Dangerous Extensions

In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. These tools have been observed being used in the wild as early as February 2021 attempting to gain a foothold on a variety of sensitive diplomatic and government entities.

The post Breaking down NOBELIUM’s latest early-stage toolset appeared first on Microsoft Security.

Read More Breaking down NOBELIUM’s latest early-stage toolset

You’ve likely heard of software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and numerous other “as-a-service” platforms that help support the modern business world. What you may not know is that cybercriminals often use the same business concepts and service models in their own organizations as regular, non-criminal enterprises; i.e., the same practices the majority of their intended victims […]

The post An Inside Look at Cybercrime-as-a-Service appeared first on Webroot Blog.

Read More An Inside Look at Cybercrime-as-a-Service

The internet has grown in leaps and bounds over the past decade. It now allows us to connect with family and friends, shop conveniently and even play casino games online. Today, as per example, it is easy to search on Google a secure online casino in Ireland  and find vendors that let you play games […]

The post 5 Simple Tips for Increasing Your At-Home Cyber Security appeared first on CyberDB.

Read More 5 Simple Tips for Increasing Your At-Home Cyber Security

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic. For MSPs, that makes up a good portion of […]

The post Podcast: Cyber resilience in a remote work world appeared first on Webroot Blog.

Read More Podcast: Cyber resilience in a remote work world

NIST’s National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity Practice Guide Special Publication (SP) 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manuf…

Read More NIST Cybersecurity Practice Guide SP 1800-15, Securing Small Business and Home IoT Devices: Mitigating Network-Based Attacks Using MUD

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous term; everyone wants it to be better, but what exactly does that mean? […]

The post 5 Tips to get Better Efficacy out of Your IT Security Stack appeared first on Webroot Blog.

Read More 5 Tips to get Better Efficacy out of Your IT Security Stack

 Folks,I hope this finds you all doing well. As some of you may now, over the years, I have shared numerous perspectives on foundational cyber security and on Active Directory security, both here (i.e. on this blog) and at my second blog.Unfortuna…

Read More New Coordinates

Two in five businesses reported a cyber attack or data breach in the past 12 months, according to the UK government’s Cyber Security Breaches Survey 2021. Among those, 35% reported negative effects including the loss of money, data or other assets. These are alarming figures, but how exactly are organisations being affected? After all, there are many ways that cyber criminals can target your organisation – from scamming employees with bogus emails to exploiting vulnerabilities to hack into databases. Each of those attacks will result in different problems. In this blog, we look at five of the most common causes

The post How do cyber attacks affect your organisation? appeared first on IT Governance UK Blog.

Read More How do cyber attacks affect your organisation?

For a week where I didn’t think I had much to talk about, I was surprised by what I ended up with by the time I sat down to broadcast. Turns out there’s always a lot to discuss, and that’s before questions from the live audience as well. As I

Read More Weekly Update 244

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, addressed President Biden’s executive order at the virtual RSA Conference this week. The executive order, announced on May 12, 2021, aims to safeguard U.S. cybersecurit…

Read More Live From RSAC: Anne Neuberger Addresses President Biden’s Executive Order on Cybersecurity

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.

Read More Recycle Your Phone, Sure, But Maybe Not Your Number

Software security is a big focus of the Biden administration’s recent executive order on cybersecurity. In fact, an entire section, or 25 percent, of the order is dedicated to software security requirements. In the wake of the SolarWinds cyberattack, t…

Read More A Closer Look at the Software Supply Chain Requirements in the Cybersecurity Executive Order

Software security is a big focus of the Biden administration’s recent executive order on cybersecurity. In fact, an entire section, or 25 percent, of the order is dedicated to software security requirements. In the wake of the SolarWinds cyberattack, t…

Read More A Closer Look at the Software Supply Chain Requirements in the Cybersecurity Executive Order