Nov 25, 2024Ravie LakshmananMobile Security / Privacy Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's Credential Manager API, the feature aims to reduce the hassle of re-entering the login credentials for every app during the … [Read more...] about Google’s New Restore Credentials Tool Simplifies App Login After Android Migration
Security
Black Friday 2024: how to safeguard your finances against scammers
In the run-up to any holiday season, scammers get busy. A lot of the time, their actions are rather primitive. Getting ready for Christmas? Expect to be bombarded with fake discounts. Valentine’s Day round the corner? Watch out for fake gifts. Big soccer tournament coming up? There’ll be no shortage of fake tickets. But the greatest amount of fake stuff appears the week before … [Read more...] about Black Friday 2024: how to safeguard your finances against scammers
A Pro-China Influence Network of Fake News Sites
Nov 23, 2024Ravie LakshmananCloud Security / Threat Intelligence Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, … [Read more...] about A Pro-China Influence Network of Fake News Sites
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Nov 23, 2024Ravie LakshmananArtificial Intelligence / Cryptocurrency The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties … [Read more...] about North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Gulf Bank Saves Time and Money with CrowdStrike
The Middle East’s financial sector, particularly in Kuwait, faced a surge of sophisticated cyberattacks starting in 2018. For Gulf Bank, a leading financial institution in Kuwait, this wave of attacks was a wakeup call that spurred a pivotal shift in its cybersecurity strategy. Enter Ross McNaughton. Hired by Gulf Bank as CISO in 2019, McNaughton is known within the … [Read more...] about Gulf Bank Saves Time and Money with CrowdStrike
MITRE Center for Threat-Informed Defense Secure AI Partnership
The goal of the Secure AI project is to fortify the security of AI-enabled systems and address the unique vulnerabilities and novel adversary attacks they faceIts results were used to expand MITRE ATLAS®, a comprehensive knowledge base of adversary tactics and techniques targeting AI systemsAs a cybersecurity industry leader and a Center for Threat-Informed Defense Research … [Read more...] about MITRE Center for Threat-Informed Defense Secure AI Partnership
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
Nov 22, 2024Ravie LakshmananCyber Attack / Malware The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an … [Read more...] about APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
Falcon Next-Gen SIEM and Cribl Reshape the SIEM Journey
CrowdStream enables SOCs to streamline data flows, prioritize high-value sources and reduce complexity so teams can focus on their most important tasks. By simplifying data management and empowering faster detection, our partnership offers a scalable, resilient solution that helps SOCs achieve security outcomes that meet today’s demands and tomorrow’s challenges. With … [Read more...] about Falcon Next-Gen SIEM and Cribl Reshape the SIEM Journey
Assessing the Efficacy of Application Security in the Age of CI/CD
But application security is a tricky process to navigate for many DevOps and DevSecOps teams. Today’s applications are constantly evolving with new features and updates, continuously introducing the possibility of vulnerabilities and misconfigurations that could heighten risk. Further, organizations navigating the transition from DevOps to DevSecOps may lack the metrics needed … [Read more...] about Assessing the Efficacy of Application Security in the Age of CI/CD
Strengthen SMB Security with Seamless Mobile Protection
Small and medium-sized businesses (SMBs) face many of the same cybersecurity threats as large enterprises but often lack the resources to maintain robust security across all devices. As SMBs rely on a growing number of smartphones and tablets, they must defend against a range of mobile-focused cyberattacks. The need for comprehensive security has never been more urgent. … [Read more...] about Strengthen SMB Security with Seamless Mobile Protection