Aug 16, 2023The Hacker News At a little overt halfway through 2023, credential theft is still a major thorn in the side of IT teams. The heart of the problem is the value of data to cybercriminals and the evolution of the techniques they use to get hold of it. The 2023 Verizon Data Breach Investigations Report (DBIR) revealed that 83% of breaches involved external actors, … [Read more...] about What’s the State of Credential theft in 2023?
State
Improving citizen experience with generative AI: Navigating a new era for state and local government
Last week, I wanted to find out the process for my fifteen year old daughter to get her first driver's license. Sounds simple enough. However, I ended up spending a good portion of my weekend searching for definitive answers — navigating multiple websites, without the option of asking a real, live person. In the very near future, I'll simply be able to ask a chatbot. The … [Read more...] about Improving citizen experience with generative AI: Navigating a new era for state and local government
CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks
Feb 08, 2023Ravie LakshmananThreat Intelligence / Cyber War The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with the agency … [Read more...] about CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks
New U.S. State Data Privacy Laws in 2022
Many countries around the world recognized Data Protection Day in January — a day that highlights the importance of protecting individual privacy and data against misuse. The U.S. celebrated Data Privacy Day, where privacy and security have often been seen as two separate issues. This is evidenced by the way law has historically developed. At the federal level, Congress has … [Read more...] about New U.S. State Data Privacy Laws in 2022
Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats
Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues … [Read more...] about Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats
Gem State University Saves a Small Fortune on TCO With Humio
This blog was originally published on humio.com. Humio is a CrowdStrike Company. Overview The University of Idaho uses Humio to ingest and analyze network security log data at scale. Humio provides incredible cost-savings compared to their previous logging solution, helping the university increase security insights, streamline incident detection and response efforts, and reduce … [Read more...] about Gem State University Saves a Small Fortune on TCO With Humio
Improve Your Cyber Security Posture by Combining State of the Art Security Tools
Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective. This means that you won't be able to do the right mitigations to improve your security posture. … [Read more...] about Improve Your Cyber Security Posture by Combining State of the Art Security Tools
Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State
The Office of the Washington State Auditor (SAO) on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerability in Accellion's File Transfer Appliance (FTA) service, which allows … [Read more...] about Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State
The State of Exploit Development: Part 2
In Part 1 of this two-part blog series, we addressed binary exploitation on Windows systems, including some legacy and contemporary mitigations that exploit writers and adversaries must deal with in today’s cyber landscape. In Part 2, we will walk through more of the many mitigations Microsoft has put in place. Modern Mitigation #1: Page Table Randomization As explained in Part … [Read more...] about The State of Exploit Development: Part 2
The State of Exploit Development: Part 1
Memory corruption exploits have historically been one of the strongest accessories in a good red teamer’s toolkit. They present an easy win for offensive security engineers, as well as adversaries, by allowing the attacker to execute payloads without relying on any user interaction. Fortunately for defenders, but unfortunately for researchers and adversaries, these types of … [Read more...] about The State of Exploit Development: Part 1