The Cybersecurity Center at Purdue Global has compiled a list of cyber defense articles. Read on to learn more about current trends and challenges in the cybersecurity industry.
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
November 1, 2022
“The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution.”
Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware
November 1, 2022
“The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities.”
Australia's Lacking Cybersecurity Workforce Results to an Influx in Attacks
October 31, 2022
“Australia has now become the newest target for attacks in part due to an overworked cybersecurity workforce that is not able to stop these bad actors.”
Tips for Choosing a Pentesting Company
October 31, 2022
“In today's world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organizations of all sizes. But what should you look for when choosing the right provider?”
Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices
October 31, 2022
“A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones.”
Arlington Cybersecurity Firm Spun out of Graham Holdings Merges with Another, Raises Funding
October 26, 2022
“An Arlington cybersecurity training and education platform that spun out of Graham Holdings Co. (NYSE: GHC) years ago is now merging with a Maryland firm to create a cyber media and education brand that's already raised a $5.4 million round of funding.”
Why Artificial Intelligence Is Must for Cybersecurity
September 15, 2022
Artificial intelligence (AI) is a valuable tool for cybersecurity, due to its strengths in helping organizations not only to increase security, but also to protect data. What implication will the widespread implementation of AI in cybersecurity have on companies and staffing?
Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish
September 15, 2022
Cybersecurity firm Vectra recently discovered that Microsoft Teams stores unencrypted authentication tokens, allowing attackers with local or remote system access to steal employee credentials and expand their access across the company’s network. While Microsoft acknowledges the issue, it says a patch is not necessary.
Ransomware Attacks Rising Against Japanese Organizations
September 15, 2022
Japan is seeing an increase in cybercrime—specifically ransomware attacks. The country’s National Police Agency recently revealed that 114 ransomware cyberattacks were conducted against Japanese corporations and organizations in the first half of 2022, compared to 61 cases for the same timeframe in 2021.
Top 3 Data Security Risks Facing Businesses
September 14, 2022
Executives have learned—some the hard way—that one of the costs of doing business in the Digital Age is ensuring their organization and its data are protected as cyberattacks continue to become more and more sophisticated. This article looks at the top 3 data security risks affecting businesses.
September 14, 2022
The U.S. Attorney’s Office in the District of New Jersey has indicted three Iranian nationals for allegedly coordinating a multi-year hacking and ransomware campaign to gain unauthorized access to hundreds of computer systems in the United States, as well as the United Kingdom, Israel, and Iran.
Popular School Messaging App Hacked to Send Explicit Image to Parents
September 14, 2022
School districts in Illinois, New York, Oklahoma, and Texas have reported that an explicit photo was sent to parents via Seesaw, a messaging app for parents and teachers. Seesaw states that hackers breached individual user accounts through a credential stuffing attack.
U.S. Tech Firms Forbidden to Manufacture in China
September 12, 2022
The CHIPS and Science Act, which was signed into law last month to increase domestic production of semiconductor chips in the United States and decrease the country’s reliance on Chinese semiconductor manufacturers, includes a provision preventing U.S. tech firms from receiving federal funding for utilizing technology factories in China for at least 10 years.
Student Loan Breach Exposes 2.5M Records
August 31, 2022
“There were 2.5 million people affected in a breach that could spell more trouble down the line.”
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
August 25, 2022
“Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.”
Fake Reservation Links Prey on Weary Travelers
August 22, 2022
“Fake travel reservations are exacting more pain on the travel-weary already dealing with the misery of canceled flights and overbooked hotels.”
Snapchat and Amex Abused to Target Microsoft 365 Users
August 9, 2022
Earlier in 2022, threat actors were found sending phishing emails that used open redirects to scam Amex and Snapchat customers, with personalized sites tricking people into revealing personal information.
Twilio Suffers Phishing Based Data Breach
August 9, 2022
Hackers tricked employees of communications giant Twilio into revealing corporate login credentials, which enabled them to gain further access to corporate customer accounts.
The Truth About False Positives in Security
August 9, 2022
False positives in cybersecurity can be a pain, but they might also indicate scans that search more broadly, which is preferable to those that might give false negatives.
Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions
August 9, 2022
Over the course of the year, attackers believed to be linked to China have targeted more than a dozen industrial plants, research institutes, and government agencies in Afghanistan and Europe.
The Benefits of Building a Mature and Diverse Blue Team
August 8, 2022
Being in a cyberdefense role might not be as alluring as offense, but it can carry exciting challenges, including research and pre-mitigation planning against potential threats.
Universities Put Email Users at Cyber Risk
August 2, 2022
Many of the top universities in the United States and abroad have some of the worst levels of even basic cybersecurity protection, a recent analysis found.
Malicious Npm Packages Tapped Again to Target Discord Users
July 29, 2022
Using the node package manager (npm) repository, hackers recently distributed malware to steal Discord tokens and monitor users’ chats and interactions.
The Digital Gold Rush: Football, Ransomware, and the Bottom Line
June 3, 2022
Ransomware continues to be a major threat for government agencies and private companies, with the San Francisco 49ers football team being a recent high-profile case of attack.
5 Challenges for Securing the Future
June 2, 2022
Cybersecurity requires strong action on both the individual and industry level, including acknowledging individual accountability, closely observing the software supply chain, and enforcing good cyber “hygiene.”
Why You Need Cybersecurity on the Farm
June 1, 2022
Ransomware is becoming an increasing problem everywhere, including the agricultural sector, particularly as farm equipment is growing more automated and farmers cannot afford a delay from their systems getting locked out.
Are You Sure You Can Trust That AI?
May 31, 2022
As more of our digital infrastructure begins to adopt artificial intelligence, standards must be developed to ascertain the trustworthiness of AI systems, the soundness of their data models, and how they can be retrained should their models change.
Cyber Insurance Policies Grow Pricey Amid Rising Hacks, Lawsuits
May 31, 2022
Companies seeking insurance policies against cyber attacks are finding new difficulties in acquiring policies that work for them. Increased risk for policyholders and rising demand are driving uncertainty in the market.
Feds Release Grim Reminder: Threat Actors Prey on Basic Security Mishaps
May 20, 2022
A joint advisory for the United States, United Kingdom, Canada, Australia, and New Zealand reminds international companies of the need to strengthen cybersecurity as NATO allies find themselves targeted by Russia-sympathetic actors.
5 Types of Cybersecurity Skills That IT Engineers Need
April 25, 2022
IT operations engineers aren’t always the first line of cybersecurity, but their skills can provide valuable overlap, and they configure the cloud environments that can be vulnerable without proper care.
Finding Attack Paths in Cloud Environments
April 12, 2022
Hackers have evolved their plans of attack to accommodate companies’ increased reliance on cloud infrastructure. Tools are available to help companies figure out where they are vulnerable (or even already compromised) and what they can do to shore up their defenses.
Google, GitHub Collaboration Focuses on Securing Code Build Processes
April 11, 2022
Google and GitHub are working together to secure the software supply chain through Supply chain Levels for Software Artifacts (SLSA), a method of maintaining end-to-end integrity that can’t be forged.
Countdown to New Privacy Laws: How Businesses Should Prepare
April 11, 2022
California and Virginia will see new privacy laws go into effect at the start of 2023; Colorado will follow on July 1, 2023. These new laws will create a need for national businesses to prepare for new regulations.
Broader Investment in Cybersecurity Beginning to Pay Dividends
April 7, 2022
A recent report shows that increased cybersecurity investment is translating into better response against ransomware, as the ransoms are becoming smaller and the response time greater.
Zoom Awarded $1.8 Million in Bug Bounty Rewards over 2021
April 7, 2022
Bug bounty programs can be a real boon, allowing outside programmers to make some money and provide much-needed technical aid for companies. Zoom’s recent bug hunt drew more than 800 researchers and ethical hackers in 2021.
Cybersecurity Is IT’s Job, Not the Board’s, Right?
April 5, 2022
Cybersecurity doesn’t just depend on IT—company directors are also facing increased scrutiny from cyberattacks, and corporate boards are drawing questions about whether their members include cybersecurity experts.
Cyberwar Could Target Traffic Lights or Braking Systems, Says Expert
March 7, 2022
Recent hacks on both the Ukrainian and Russian sides have affected even people not involved in the hostilities, and even vehicle charging stations. This demonstrates how increasingly connected systems are vulnerable to cyberattack.
Understanding How Hackers Recon
March 7, 2022
Before a cyberattack, hackers will often engage in reconnaissance—examining the technology in use, the servers and their security, and whether users’ email addresses and credentials can be purchased from previous hacking attempts.
How Russian Cybersecurity Threats Reached a Small-Town Ohio Manufacturer
March 3, 2022
Russia’s attack on Ukraine was felt thousands of miles away in a small business in Ohio. Because the Ohio company makes parts that go into defense equipment, it was one of many military contractors alerted about potential cybersecurity disruptions stemming from sanctions on Russia.
Cyber-Attacks Are Inevitable: Prioritize Data Skills Training to Reduce Risk
March 3, 2022
As data control becomes more difficult in the era of hybrid workplaces, the old methods of standard data and compliance training are no longer sufficient. Because so many cyberattacks are the result of human error, companies should invest in data literacy training.
Phishing Campaign Targeted Those Aiding Ukraine Refugees
March 3, 2022
Cyberattackers phished European Union government employees using a compromised Ukrainian military email address to trick targets into opening malware. The suspected goal was to gain intelligence on NATO member countries’ movement of funds, supplies, and refugees.
Tensions Shine Spotlight on Protecting Critical Infrastructure
March 2, 2002
Russia’s attacks on Ukraine are drawing focus to cybersecurity, particularly business continuity and disaster recovery plans. It can be key to be able to recover from an enormous cyberattack in a volatile landscape.
Enterprise Data Management Is Projected to Reach U.S. $136.4 Billion by 2026
January 31, 2022
The market for enterprise data management solutions is expected to continue to grow annually over the next few years, strengthened by the increased prominence of working from home due to the COVID-19 pandemic.
Over 20,000 Data Center Management Systems Exposed to Hackers
January 29, 2022
Researchers have discovered over 20,000 instances where the infrastructure that governs data centers was vulnerable to public exposure. While the information in the data centers was protected, the systems that controlled such necessities as heating and cooling, humidity control, and passwords were not, creating a potential security risk.
68K Affected by Data Theft, ‘Sophisticated’ Network Hack of Health Nonprofit Advocates
January 28, 2022
Data belonging to about 68,000 people who received services from Advocates, a health nonprofit based in Massachusetts, as well as some employees, was stolen during a hack in September 2021. The stolen data includes names, Social Security numbers, and insurance information.
Why IT Needs Smarter Cloud Security
January 24, 2022
As hybrid work models become more popular, emphasizing the greater need for cloud services and remote access, IT and cybersecurity professionals must face a rapidly changing threat landscape, particularly in the cloud.
Alibaba’s Cloud Arm Facing U.S. National Security Probe
January 19, 2022
The U.S. government is investigating Chinese cloud data company Alibaba to assess possible security risks, how the company stores client data, and its relationship with the Chinese government. Though American use of the service is small, the U.S. might opt to impose restrictions.
Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure
January 18, 2022
Ukraine confirmed that recent cyberattacks and malware intrusions against its government websites are part of a coordinated effort to compromise the country’s critical infrastructure, though the attacker’s identity is not yet confirmed.
The Supply Chain Needs Better Cybersecurity and Risk Management
January 17, 2022
The ongoing supply chain shortage is affecting companies worldwide, making its cybersecurity of paramount importance if normal function is to resume. Cybercrime has flourished during the COVID-19 pandemic, and the supply chain needs stronger security measures.
U.S. Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence
January 12, 2022
The hacking group MuddyWater was recently linked to the Iranian Ministry of Intelligence and Security by the U.S. Cyber Command. MuddyWater has been responsible for a variety of cyberattacks since 2017.