Since the beginning, two types of computer attacks (known as initial root cause exploits) have composed the vast majority of successful attacks: social engineering and exploiting unpatched vulnerabilities. These two root causes account for somewhere between 50% to 90% of all successful attacks.

Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. “Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message,” Trend Micro warns. “The attack campaign has been operational since February 2023 and has a large impact area.”

Elizabeth Harz, CEO of Veriato, gave an interview to ISMG at this year’s RSA Conference in San Francisco. In it, Elizabeth covers the challenges of maintaining data security in the remote or hybrid workforce environment and the rising cost of data breaches. She also discusses some of the tools and solutions and can help businesses better manage their cybersecurity challenges.

In our new vulnerability research report, Forescout Vedere Labs discusses an often-overlooked aspect of Border Gateway Protocol (BGP) security: vulnerabilities in its software implementations. More specifically, vulnerabilities in BGP message parsing found in the popular FRRouting implementation that could be exploited by attackers to achieve a denial of service (DoS) condition on vulnerable BGP peers.

By analyzing over 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) across 6 sectors, it was determined that pixels/Trackers transfer data to almost 100 countries around the globe. Table 1 shows the top 40 destinations of data being transferred by pixels/trackers collecting data from the analyzed websites – all of which were US-based.

Professionals working in Cyber Threat Intelligence (CTI) enjoy playing detective, researcher, analyzer, and communicator. With Tines, now there’s a better way to quickly get answers for some of the most common questions that can tip off more strategic (read: exciting, fulfilling, meaningful) threat intelligence research.

Fireblocks has launched support for Avalanche’s subnet, Spruce, an EVM-based testnet built for institutional blockchain deployments. Spruce is intended to be used by buy and sell-side institutions looking to experiment with blockchain infrastructure in a low-risk environment. Institutional participants have already begun onboarding onto the testnet, and will be using it to evaluate the advantages of executing and settling trades on-chain for different assets and applications.

The first three pillars of the National Cyber Security Strategy focused on activities that could be accomplished in the near term–perhaps within a few years. The last two pillars start looking at some challenges that we need to address now.