Weekly Cyber Security News 12/10/2023
A selection of this week’s more interesting vulnerability disclosures and cyber security news. I wish they hadn’t suggested that using more machines might have brought the Internet down properly…
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Yes, GitHub's Copilot can Leak (Real) Secrets
Researchers successfully extracted valid hard-coded secrets from Copilot and CodeWhisperer, shedding light on a novel security risk associated with the proliferation of secrets.
Provide Remote Access with a Zero Trust Solution
When adopting a hybrid work model, see how you can provide remote access to private enterprise apps by leveraging a zero trust framework.
Fireside Chat: Leading Global Security and Network Transformation
In an era defined by constant evolution, the ability to drive effective transformation is paramount for organizational success. Watch this webinar to hear Mike Anderson, Chief Digital & Information Officer at Netskope and Dave Mahon, Senior Advisor and former Global CISO at Deloitte, talk about the critical elements of driving organizational change.
What's SIEM? Security Information & Event Management Explained
Effectively detecting, investigating and responding to security threats is not easy. SIEM can help — a lot. SIEM is cybersecurity technology that provides a single, streamlined view of your data, insight into security activities, and operational capabilities so you can stay ahead of cyber threats.
The evolution of phishing attacks
A practical guide to phishing and best practices to avoid falling victim.
Business Email Compromise Attempts Skyrocket in the Last Year
Threat actors launched 156,000 business email compromise (BEC) attempts per day between April 2022 and April 2023, according to Microsoft’s latest Digital Defense Report. While most of these attempts go unanswered, criminals can receive massive payouts when they succeed.
"Human-Operated" Ransomware Attacks Double in the Last Year
As attackers leave little-to-no traces of their attack patterns, more ransomware groups are shifting from automated attacks to manual attacks. According to the newly-released Microsoft Digital Defense Report 2023, about 40% of the ransomware attacks detected were human-driven and tracked back to over 120 ransomware-as-a-service (RWaaS) affiliates. This spike in human-operated ransomware attacks likely goes back to attackers wanting to minimize their footprint within an organization.
Harvested Credentials Are Put Up for Sale Monthly on the Dark Web at a Rate of 10,000 a Month
Credential harvesting has become a business in and of itself within the cybercrime economy. New insight from Microsoft details the types of attacks your organization should watch out for. I’ve attempted to cover every Microsoft 365 credential harvesting attack since the platform is so popular and is an easy target for cybercriminals. But the news coming from their newly-released Microsoft Digital Defense Report 2023 puts this type of attack into perspective.
New Cyber Attack Techniques Will Not Replace Old-School Social Engineering
Even though there are new attack types for cybercriminals, they are still leveraging old-school attack vectors. Why? Because they still work. I cover new attack methods all the time, with recent examples including a sophisticated phishing campaign impersonating Microsoft and an attack last month targeting the Ukrainian military.