Security

1. Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration - Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. "Multi-cloud by design," and its companion the supercloud, is an ecosystem in which several cloud systems work together to provide many organizational benefits, including increased scale and overall resiliency.And now, even security teams who have long been the holdout on wide-scale cloud adoption, may find a reason to rejoice. Born out of the multi-cloud approach,… Continue Reading
2. New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices - A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS.Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef said in a paper published this week.The approach exploits power-save mechanisms in endpoint devices to… Continue Reading
3. The Life and Times of SysInternals | How One Developer Changed the Face of Malware Analysis - When we first set down the idea of starting a SentinelLabs conference, we decided that the central tenet of the con would be to create a stage to showcase the best research, recognize potential contributions, and amplify them. As LABScon evolved and we were crafting the agenda, Ryan Naraine and I developed a shortlist of ‘dream talks’ we’d love to see on the first day Keynote stage. One idea that kept percolating up to the… Continue Reading
4. New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords - A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices.Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs."MacStealer has the ability to steal documents, cookies from the victim's browser, and login information," Uptycs researchers Shilpesh Trivedi and Pratik… Continue Reading
5. Top Tech Talent Warns of AI's Threat to Human Existence in Open Letter - More than 1,000 of technology's top talent names — including Twitter CEO Elon Musk, Apple co-founder Steve Wozniak, and politician Andrew Yang — have signed an open letter urging AI pioneers to pump the breaks on the AI development race, because of its potential danger to humanity."Powerful AI systems should be developed only once we are confident that their effects will be positive, and their risks will be manageable," the open letter, published on the… Continue Reading
6. SMBs don’t see need for cyber insurance since they won’t experience security incidents - Most Popular Believing they will not encounter cybersecurity incidents, small and midsize businesses (SMBs) do not see a need for cyber insurance. Among 39% of SMBs in Singapore that are not considering or remain undecided about getting protection against cyber risks, half say it is because they are unlikely to experience cybersecurity or cybercrime issues. Another 54% say they do not store sensitive or personal data online and, hence, do not see a need for… Continue Reading
7. Smart Mobility has a Blindspot When it Comes to API Security - The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in the automotive industry. However, this increased reliance on APIs has also made them one of the most common attack vectors. According to Gartner, APIs account for 90% of the web application attack surface areas. With no surprise, similar trends are emerging also in the smart mobility space. A recent Automotive and Smart Mobility Cybersecurity Report… Continue Reading
8. Apple Issues Urgent Security Update for Older iOS and iPadOS Models - Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been credited with reporting the bug. Unlock the secrets to bulletproof incident… Continue Reading
9. U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals - In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground."All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks," the law enforcement agency said."However,… Continue Reading
10. Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw - Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the weekend. "The attacker scanned the Digital Ocean cloud hosting IP address space and… Continue Reading

What are cybersecurity threats?

A cybersecurity threat is any malicious attack by an individual or organization to gain access to another individual’s or organization’s network to corrupt data or steal confidential information. Sometimes, the attacks destroy computer systems.
No company is immune from cyber attacks and the resulting data breaches. As cyber threats become increasingly sophisticated, businesses must ensure they implement the security necessary to safeguard their data and their networks.
However, before they can do that, organizations need to understand the types of threats they’ll be facing almost daily, including:

• Trojan: A type of malicious software (malware) or code that acts as a legitimate application or file to trick a user into loading and executing the malware on his device. A Trojan’s goal is to damage or steal an organization’s data or otherwise inflict some harmful action on its network.
• Virus: A malicious program aimed at infecting a company’s systems, destroying data and bringing its network to a standstill. A virus attaches itself to a program, file, or document and lies dormant until some event triggers the device to execute its code.
• Phishing attacks: A type of social engineering that attempts to trick users into bypassing normal cybersecurity practices and giving up sensitive data, such as user names and passwords, bank account information, Social Security numbers, and credit card data. Typically, hackers send out phishing scam emails that appear to come from trusted senders, such as PayPal, eBay, financial institutions, as well as friends and co-workers. The cybercriminals try to get users to click on links in the emails that will redirect them to fraudulent websites that ask for personal information or install malware on their devices. Opening attachments sent with phishing emails can also install malware on users’ devices, or allow the hackers to control their devices remotely.
• Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. … It has the ability to lock a computer screen or encrypt important, predetermined files with a password.
• Distributed denial of service (DDoS): A DDoS attack aims to take down a company’s website by overwhelming its servers with requests. In this attack, requests come from hundreds or thousands of IP addresses that have probably also been compromised and tricked into continuously requesting a company’s website. A DDoS attack overloads an organization’s servers, slows them down significantly or temporarily takes them offline. This prevents customers from accessing the website and completing orders.