IBM X-Force has released a report on malicious cyber actors targeting the COVID-19 cold chain—an integral part of delivering and storing a vaccine at safe temperatures. Impersonating a biomedical company, cyber actors are sending phishing and spearphishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials. The emails have been posed as requests for quotations for participation in a vaccine program.
SailPoint Technologies Holdings, Inc. released an international study uncovered several security threats with every worker whose access was freely granted without proper security controls in place, including phishing attempts, using personal devices for work and vice versa, and sharing passwords with friends and family.
The Standoff, an online offensive/defensive competition in which defenders (blue teams) compete against attackers (red teams) to control the infrastructure of a simulated digital city, has concluded.
The event took place Nov. 12-17, 2020, pitting information security veterans against skilled hackers in a battle to hack mock banks, utilities, airports, downtown hubs, IoT systems, cargo and public transportation, telecoms systems and more.
Starting on November 16, 2020 the Maryland Innovation Institute (MISI) and its DreamPort Program and sponsor U.S. Cyber Command will hold a cyber exercise designed to highlight the importance of control systems' cybersecurity and critical infrastructure cybersecurity. The event, Hack the Building 2020, will have more than 45 offensive and defensive teams from industry, academia, civilian agencies and the Department of Defense participating to disrupt or take over a connected building.
The Standoff is an online competition where cybersecurity experts can put their skills to the test against professional hackers. That's right - your organization can test its defense skills over a battle for control over digital replicas of real-life IT infrastructure being targeted by real-life hackers.
It’s the season of ghouls, ghosts and outrageous costumes. But for CISOs and cybersecurity professionals, a bump in the night on Halloween is more likely to be a notification warning them of data breach than a spooky ghostly visitation. In the COVID-19 era, spookiness-as-a-service providers who rent out costumes or sell party products are likely to have a difficult time as lockdowns and home-working play havoc with businesses focused on in-person interaction. Yet for hackers, the dawn of a socially-distanced new normal has opened up vast numbers of attack vectors and given them new opportunities to target businesses or individuals. So what should you be worried about this Halloween? To help you work out the answer to that question, here are some of the scariest cybersecurity stories and trends of 2020:
Digital Shadows, throughout the years, has tracked SandWorm, and has now revisited the tactics, techniques and procedures (TTPs) behind the SandWorm APT.
Rigorous training as to how hackers are able to get into systems and access sensitive data and how to defend against an onslaught of cyberattacks has given rise to a specific type of training and competition for cybersecurity professionals: Capture the Flag (CTF).
To find out more about these competitions, we talk to Dr. David Brumley, CEO of ForAllSecure, Inc. and Professor of Electrical and Computer Engineering and Computer Science at Carnegie Mellon University.
On one hand, we have cybersecurity solutions that are not keeping pace with today’s hackers. In spite of more resources being devoted to cybersecurity, cyber compromises are at an all-time high, with even less experienced hackers now gaining access. At the same time, hardware designers are changing their industry standards and direction. This change enables hackers anytime access to hardware - even when it is powered off. The result of this combination is a perfect cyber storm, ready for disaster.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released two joint cybersecurity advisories on widespread advanced persistent threat (APT) activity.
Joint Cybersecurity Advisory: AA20-296A Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Joint Cybersecurity Advisory: AA20-296B Iranian State-Sponsored Advanced Persistent Threat Actors Threaten Election-Related Systems
