David
US Government Launches “Shields Ready” Cyber Resilience Campaign – November 9th
The US Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Emergency Management Agency (FEMA) launched the "Shields Ready" cybersecurity campaign to promote critical national infrastructure (CNI). The "Shields Ready" campaign will tackle CNI by establishing focused strategic strategies to protect organizations from potential disruption, and by building cyber-resilient systems.
Palo Alto Networks Acquires Talon Cyber Security – November 8th
Palo Alto Networks announced its purchase of Talon Cyber Security for $625 million to ramp up its merger and acquisition efforts. Palo Alto Networks credited the acquisition of Talon to its ability to navigate the challenges of today's connected digital environments.
Ransomware Attacks Double Over Past Two Years – November 7th
Ransomware Attacks Double Over Past Two Years Akamai Technologies found that organizations faced an average of 86 ransomware attacks in
OpenAI Launches Initiative to Tackle Growing AI Risks – November 6th
OpenAI has announced a new team, intended to counter the risks brought by generative AI systems. Labeled the "preparedness" unit, the new OpenAI branch will be tasked to set preventive measures for systemic AI risks which include individual persuasion, cybersecurity, autonomous replication and adaptation, and chemical, biological, radiological, and nuclear (CBRN) threats.
APAC Organizations Unable to Prevent 41% of Cyberattacks – November 3rd
In a study by Forrester in collaboration with exposure management company, Tenable found that companies in the Asia Pacific region could not prevent 41% of cyberattacks within the past two years. The APAC edition of the report "Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity" was based on a survey consisting of 219 cybersecurity leaders in APAC.
EU Bans Meta’s FB and IG Targeted Advertising – November 2nd
Imposed by the Norwegian Data Protection Authority (DPA), the European Data Protection Board announced its latest extension on the temporary ban of Meta's Facebook and Instagram's targeted advertising for data privacy purposes. The Norwegian DPA explained that Meta apps use content preferences based on user posts and location information to create personalized advertising targeting, which poses a threat to data privacy.
Forty Countries Vow to Not Pay Cyber Ransoms – November 1st
Forty US-allied countries pledged to no longer pay cybercrime ransoms at the second annual meeting of the International Counter Ransomware Initiative. The idea behind the pledge is that as long as ransom is paid to these cyber criminals, it will continue. This initiative would also seek to encourage organizations within the participating countries to focus on improving their cybersecurity infrastructure rather than just folding to these cyber criminals.
Canadian Government Employees Banned to Use Kaspersky and WeChat Apps – October 31st
SlashNext's "State of Phishing Report for 2023" report stated the 1265% phishing increase in malicious phishing emails since Q4 2022, correlating to ChatGPT's launch. It was also reported that 31,000 phishing emails were sent on a daily basis in the past year, 68% of them being text-based Business Email Compromise (BEC).
Revenue Losses in Small Businesses due to Cyber Attacks Rise to 42% – October 30th
According to a report by the Identity Theft Resource Center, 42% of small businesses lost revenue due to a cyber attack in 2023. Despite the record rise of cyber attacks (73%) and revenue loss in small businesses, 85% of small business leaders claim to be prepared for cyber attacks.
Google’s Vulnerability Rewards Program (VRP) Expansion – October 27th
Google's Vulnerability Rewards Program (VRP), a program made to reward researchers who find system vulnerabilities, has been expanded for generative AI. Google explained the expansion of the VRP as a reaction to the risks brought by AI, and the magnified implications it has for traditional digital security.
Europol Urges Police to Prepare for Quantum Computing – October 26th
Europol released a statement directed to European law enforcement agencies to prepare for the impact quantum computing will have on the cybersecurity ecosystem. This warning is based on Europol's latest report, "The Second Quantum Revolution: The Impact of Quantum Computing and Quantum Technologies on Law Enforcement" which dives into the threats and opportunities of quantum computing to threat actors.
UK Purchase Scams Surge up to £580M – October 25th
UK Finance has reported a significant increase in authorized push payment (APP) fraud in the first half of 2023. APP fraud refers to threat actors practicing identity fraud to trick victims into sending money to bank accounts under their control.
BHI Energy comes clean about devastating data breach – October 24th
US energy firm BHI Energy has shared details about an Akira ransomware gang attack that breached its network in May this year. The gang used a third-party contractor's account to reach BHI's internal network through a VPN connection. In the weeks that followed the breach, 767K files, containing 690 GB of data were stolen. These included BHI's Windows Active Directory database.
BlackCat turns to ‘Munchkin’ to advance hacker operations – October 23rd
The BlackCat ransomware group has employed the use of a new tool, called Munchkin, making the Ransomware-as-a-Service (Raas) operation more attractive to potential affiliates. This is because Munchkin allows for the use of remote systems to deploy encryptors on network devices. After violating a device's security, the threat actors are able to install something called a VirtualBox, which enhances their ability to propagate a malicious payload across victim networks.
Stealthy malware with ‘spy’ abilities makes headlines – October 19th
A stealthy malware known as SpyNote has made headlines because of its ability to steal data, record calls and access the cameras of devices it has infected. The malware disguises itself as a phone operating system update, fooling targeted victims into allowing it access privileges