Since the beginning, two types of computer attacks (known as initial root cause exploits) have composed the vast majority of successful attacks: social engineering and exploiting unpatched vulnerabilities. These two root causes account for somewhere between 50% to 90% of all successful attacks.
Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. “Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message,” Trend Micro warns. “The attack campaign has been operational since February 2023 and has a large impact area.”
Elizabeth Harz, CEO of Veriato, gave an interview to ISMG at this year’s RSA Conference in San Francisco. In it, Elizabeth covers the challenges of maintaining data security in the remote or hybrid workforce environment and the rising cost of data breaches. She also discusses some of the tools and solutions and can help businesses better manage their cybersecurity challenges.
In our new vulnerability research report, Forescout Vedere Labs discusses an often-overlooked aspect of Border Gateway Protocol (BGP) security: vulnerabilities in its software implementations. More specifically, vulnerabilities in BGP message parsing found in the popular FRRouting implementation that could be exploited by attackers to achieve a denial of service (DoS) condition on vulnerable BGP peers.
By analyzing over 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) across 6 sectors, it was determined that pixels/Trackers transfer data to almost 100 countries around the globe. Table 1 shows the top 40 destinations of data being transferred by pixels/trackers collecting data from the analyzed websites – all of which were US-based.
Professionals working in Cyber Threat Intelligence (CTI) enjoy playing detective, researcher, analyzer, and communicator. With Tines, now there’s a better way to quickly get answers for some of the most common questions that can tip off more strategic (read: exciting, fulfilling, meaningful) threat intelligence research.
The first three pillars of the National Cyber Security Strategy focused on activities that could be accomplished in the near term–perhaps within a few years. The last two pillars start looking at some challenges that we need to address now.
We’ve come a long way since ThreatQ v4 and our own Jay Allmond, UK Threat Intelligence Engineer at ThreatQuotient, recently shared the details during a hands-on webinar that’s now available on-demand. In this 30-minute session that as Jay says, “is light on PowerPoint and heavy on nerdy stuff”, we review the basics of the ThreatQ Platform and dive deep into some of the newest capabilities.
Despite its reputation as a technical field, IT operations require a host of skills and capabilities that are uniquely human. The key to making the most of emerging AI technology is to know how it complements an IT pro, not where it competes.
