2021 was filled with high-profile ransomware attacks on businesses across industries — some of which (e.g., the Colonial Pipeline attack) shut down entire markets and caused panic in parts of the US. As disruptive and destructive as these attacks were, the next wave of ransomware could be even more dangerous — especially for the healthcare industry.
Like a virus, threat actors will continue to evolve and mutate the way they attack businesses to make the greatest profit. In “classic” ransomware attacks, bad actors encrypt a victim’s data and then force them to pay a ransom to have it unencrypted. But this evolved to cybercriminals forcing victims to pay a ransom not only to have their data unencrypted, but to prevent it from being publicly released or sold. Today, we’re beginning to see the third wave of ransomware — killware.
OSS revealed that they didn’t implement robust security measures as cybersecurity wasn’t such a critical issue back in 2006 when the website was launched. In the preceding years, they didn’t improve the site’s security. That’s why attackers could compromise the website by hacking a SuperAdmin’s low-security password and accessing user data after performing SQL injection.
continue reading: https://www.hackread.com/opensubtitles-hacked-data-breach-user-leak/
FBI warns of fake job postings used to steal money
Scammers are trying to steal job seekers’ money and personal information through phishing campaigns using fake advertisements posted on recruitment platforms.
The warning was published today as a public service announcement (PSA) on the Bureau’s Internet Crime Complaint Center (IC3).
“The FBI warns that malicious actors or ‘scammers’ continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money,” the FBI says.
Russia’s Escalation in Ukraine Sounds Cyber Defense Alarms
Russia’s threat to Ukraine is reshaping notions of what it means to employ cyber operations as part of a conflict.
Whether Russian President Vladimir Putin has even decided what he will do next remains unclear, experts say. But a number of military options remain available, and all of them would likely involve some form of cyber escalation, and could well impact such critical infrastructure as the energy and financial services sectors, according to Washington think tank Center for Strategic and International Studies.
Hacker Group ‘Moses Staff’ Using New StrifeWater RAT in Ransomware Attacks
A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.
Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware “StrifeWater.”
“The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group’s tracks,” Tom Fakterman,
New Malware Used by SolarWinds Attackers Went Undetected for Years
According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted by the Nobelium hacking group last week, two sophisticated malware families were placed on victim systems — a Linux variant of GoldMax and a new implant dubbed TrailBlazer — long before the scale of the attacks came to light.
Nobelium, the Microsoft-assigned moniker for the SolarWinds intrusion in December 2020, is also tracked by the wider cybersecurity community under the names UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).
continue reading: https://thehackernews.com/2022/02/new-malware-used-by-solarwinds.html
Achieving Workforce Diversity in Cybersecurity
In the current global landscape of near daily announcements of cyberattacks, organizations can no longer just sit back and wait for employees to find them; they must be proactive. Organizations need to understand the indicators of success for their cybersecurity positions, and they may be surprised to learn that degrees and experience are not always the best indicators. Workforce diversity is not only about employing different races but also includes diversity in culture, personalities and even neurocapabilities.
US Sends Top Cyber Official to Europe Amid Ukraine Crisis
With tensions mounting on Ukraine’s eastern border, where Russia has massed some 100,000 troops, U.S. cybersecurity officials have grown increasingly concerned over the threat of direct cyberwarfare carried out against Ukrainian networks, and perhaps retaliatory attacks on Western nations intervening. As such, the U.S. dispatched its top cyber official to Europe on Tuesday to discuss the Russian cyberthreat.
Human firewalls are key to cyberdefense
When it comes to cybersecurity, only relying on hardware and software-based defenses is not enough. Implementing a robust security solution that also accounts for the human factor is vital, as staff and employees are the weakest links in any organization.
As cyberattacks are becoming more sophisticated by the day, a human firewall can be your first and best line of defense.
continue reading: https://www.makeuseof.com/human-firewall-against-cyberattacks/
Read more Cyber Security news at https://que.com/tag/cybersecurity