‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

Richi Jennings | January 27, 2023 | Bundeskriminalamt, Department of Justice, DOJ, Europol, FBI, Hive, HIVE Ransomware, Ransomware, SB Blogwatch, takedown, takedowns, website takedown, website takedowns

Law enforcement agencies from several countries got together and took down the site. They also worked to decrypt victims’ data ...

Security Boulevard

attacks supply chain supply chain ransomware The Kill Chain Model

Securing Against Supply Chain Attacks

Jaye Tillson | January 27, 2023 | attacks, Cybersecurity, DLP, least privilege, supply chain

Anyone who has been in IT for the last decade knows the risks posed by ransomware and cyberattacks. They have been on our radar as a top concern for many years. But ...

Security Boulevard

LastPass WithSecure language Expel BEC Delivering Email Post-Data Breach

More Details of LastPass Breach: Hackers Used Stolen Encryption Key

Teri Robinson | January 27, 2023 | Data breach, GoTo, lastpass, Password, password managers

A breach at LastPass is the gift that keeps on giving—or taking, depending on your perspective. LastPass parent company GoTo raised the alarm this week that, in addition to stealing encrypted backups ...

Security Boulevard

5 Essential ITDR Steps CISOs Must Know

Semperis Team | January 26, 2023 | Active Directory Recovery, Disaster Recovery, Hybrid Security, Incident Response

Just as the impact of cyberattacks is not confined to the IT department, the role of the CISO has expanded beyond the security team. With organizations and analysts now acknowledging that identity ...

Semperis

New Ransomware Payment Reporting Requirements on Horizon

Mark Rasch | January 26, 2023 | cisa, Compliance, NYDFS, Ransomware

January 9, 2023, was the deadline for financial services companies doing business in New York (including cryptocurrency entities with a Bit license) to comment on new proposed cybersecurity regulations which would mandate, ...

Security Boulevard

Five Incident Response Metrics you Should be Recording

Ashlyn Eperjesi | January 25, 2023 | analytics, Incident Response, reporting, secops, security operations

Incident response is a critical aspect of any organization's security operations. A properly functioning incident response process ensures quick and efficient resolution of disruptions. To effectively manage incident response in a security ...

Swimlane (en-US)

PayPal Visa AI digital payments Security the Price of Convenience in Supply Chain Payments

PayPal Credential Stuffing Attacks Renew Calls for MFA

Teri Robinson | January 25, 2023 | Authentication, credential stuffing, identification, MFA, passwordless, Paypal, Third Party Access

An internal review confirmed that on December 20, 2022, unauthorized parties could use account holders’ login credentials to access their PayPal accounts. In response to what is being called a credential stuffing ...

Security Boulevard

CyberInsurance Predictions for 2023

Mark Rasch | January 25, 2023 | cyber insurance, cyberattack, cyberinsurance, Cybersecurity, insurance, Ransomware

It is difficult to predict with certainty what the top trends in cyberinsurance will be in 2023, as the field is constantly evolving and new developments are emerging all the time. However, ...

Security Boulevard

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew

Richi Jennings | January 23, 2023 | @_nyancrimew, CommuteAir, maia arson crimew, no-fly list, SB Blogwatch, SSSS, Tillie Kottmann, United Airlines

An unsecured Jenkins server contained secret credentials for more than 40 public-cloud storage buckets. In today’s SB Blogwatch, we say hello to our old friend maia arson crimew ...

Security Boulevard

cybersecurity hygiene Russian Ukraine microsoft Freeze on Phishing

Russia-Linked Attackers Target US Nuclear Research Facilities

Christopher Burgess | January 23, 2023 | Cold River, cyber hygiene, Cybersecurity, Department of Energy, National Laboratory, Phishing

It made the headlines in early January; Russia is targeting U.S. nuclear scientists and research facilities. While certainly not a news flash—given that Russia’s (and the USSR’s) history of targeting U.S. nuclear ...

Security Boulevard

Incident Response

Incident Response

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

Securing Against Supply Chain Attacks

More Details of LastPass Breach: Hackers Used Stolen Encryption Key

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

Securing Against Supply Chain Attacks

More Details of LastPass Breach: Hackers Used Stolen Encryption Key

5 Essential ITDR Steps CISOs Must Know

New Ransomware Payment Reporting Requirements on Horizon

Five Incident Response Metrics you Should be Recording

PayPal Credential Stuffing Attacks Renew Calls for MFA

CyberInsurance Predictions for 2023

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew

Russia-Linked Attackers Target US Nuclear Research Facilities

USENIX Security ’22 – Lei Xue, Yangyang Liu, Tianqi Li, Kaifa Zhao, Jianfeng Li, Le Yu, Xiapu Luo, Yajin Zhou, Guofei Gu – ‘SAID: State-Aware Defense Against Injection Attacks On In-Vehicle Network’

Gartner® Report: Prioritizing Security Controls for Enterprise Servers and End-User Endpoints

Clarification of Obligations for the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

There’s No There There….Or is There? You Won’t Find Out With DLP

CBA AND FIDO: One, Other, or Both?