In recent years, especially with hybrid work, almost everyone uses an iOS or Android device for work. In fact, in a recent survey, Lookout found that 92% of remote workers use their personal laptops or smartphones for work tasks, with 46% of them having saved files onto their devices. Now that employees expect to be productive from anywhere, organizations across all industries have become more relaxed with allowing the use of personal devices with bring-your-own-device (BYOD) programs.

Phishing is a familiar criminal tactic. It’s also used by intelligence services for cyber espionage campaigns. On Friday, April 28th, 2023, CERT-UA, Ukraine’s Computer Emergency Response Team, reported that Russian operators are sending phishing emails that misrepresent themselves as sending instructions on installing a Windows security update.

Since the beginning, two types of computer attacks (known as initial root cause exploits) have composed the vast majority of successful attacks: social engineering and exploiting unpatched vulnerabilities. These two root causes account for somewhere between 50% to 90% of all successful attacks.

Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. “Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message,” Trend Micro warns. “The attack campaign has been operational since February 2023 and has a large impact area.”

Threat actors have turned cybercrime into big business — a $1.5T USD industry where a ransomware attack occurs every 11 seconds. Each year, the cybersecurity industry works diligently to launch and refine tools, technologies, and solutions. The bad news? So do cybercriminals. Their nefarious innovations continue to leave organizations reeling from cyber attacks that steal data, damage reputations, and put serious dents in annual budgets.

Elizabeth Harz, CEO of Veriato, gave an interview to ISMG at this year’s RSA Conference in San Francisco. In it, Elizabeth covers the challenges of maintaining data security in the remote or hybrid workforce environment and the rising cost of data breaches. She also discusses some of the tools and solutions and can help businesses better manage their cybersecurity challenges.

In our new vulnerability research report, Forescout Vedere Labs discusses an often-overlooked aspect of Border Gateway Protocol (BGP) security: vulnerabilities in its software implementations. More specifically, vulnerabilities in BGP message parsing found in the popular FRRouting implementation that could be exploited by attackers to achieve a denial of service (DoS) condition on vulnerable BGP peers.

By analyzing over 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) across 6 sectors, it was determined that pixels/Trackers transfer data to almost 100 countries around the globe. Table 1 shows the top 40 destinations of data being transferred by pixels/trackers collecting data from the analyzed websites – all of which were US-based.

Professionals working in Cyber Threat Intelligence (CTI) enjoy playing detective, researcher, analyzer, and communicator. With Tines, now there’s a better way to quickly get answers for some of the most common questions that can tip off more strategic (read: exciting, fulfilling, meaningful) threat intelligence research.

Fireblocks has launched support for Avalanche’s subnet, Spruce, an EVM-based testnet built for institutional blockchain deployments. Spruce is intended to be used by buy and sell-side institutions looking to experiment with blockchain infrastructure in a low-risk environment. Institutional participants have already begun onboarding onto the testnet, and will be using it to evaluate the advantages of executing and settling trades on-chain for different assets and applications.