Due to the tremendous feedback we received on our first two articles, which shared invaluable cybersecurity advice from industry experts, we’re excited to continue the series with even more insights. In this third installment, we delve deeper into the theme of “Secure Our World” by presenting actionable strategies that anyone can implement to enhance their cybersecurity posture. These expert recommendations emphasize the critical need for tailored security practices, from protecting business operations to safeguarding personal information. No single solution can address every cyber threat, but by adopting these essential steps, organizations and individuals alike can significantly strengthen their defenses and…
Kirsten Doyle
Kirsten Doyle
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
Iranian cyber actors are targeting organizations across critical infrastructure sectors, using brute force techniques to obtain user credentials and sell sensitive information on cybercriminal forums. The attacks have affected healthcare, government, information technology, engineering, and energy sectors. This was announced in a coordinated alert by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Communications Security Establishment Canada (CSE), Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC). Attack Patterns and Techniques Since October 2023, Iranian threat actors have been leveraging brute force attacks, such as password spraying,…
Leading artificial intelligence (AI) models are failing to meet key European regulatory standards in areas such as cybersecurity resilience and prevention of discriminatory outputs, according to data obtained by Reuters. The EU AI Act is being implemented in phases over the next two years and was introduced to address the growing concerns around the ethical, societal, and safety implications of these technologies, which are becoming increasingly integrated into various aspects of daily life. It is the first comprehensive AI legislation introduced by a major regulatory body. It categorizes AI applications into three risk levels. First, applications deemed to pose an…
Sophisticated and complex threats fuel rapid and profound change in the cybersecurity landscape. Malicious actors are exploiting advanced technologies, like artificial intelligence (AI), to launch more targeted, destructive attacks that are harder to detect. As yesterday’s security solutions battle to keep up, the need for AI-driven cybersecurity solutions has become dire. AI-powered solutions can proactively detect threats and vulnerabilities so organizations can respond more rapidly and effectively. However, no machine is an island, and human expertise is indispensable when navigating the ethical, strategic, and creative dimensions of cybersecurity. AI-Driven Security: A Leap Forward in Cyber Defense AI is a powerful…
In a potentially concerning advancement for global cybersecurity, Chinese researchers have introduced a technique leveraging D-Wave’s quantum annealing systems to breach traditional encryption, which may hasten the timeline for when quantum computers could pose a genuine threat to widely used cryptographic systems. Published under the title “Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage,” the paper details how D-Wave’s machines were utilized to compromise RSA encryption and target symmetric encryption systems, raising significant concerns about the future of cybersecurity. Led by Wang Chao from Shanghai University, the research team discovered that D-Wave’s quantum computers can optimize problem-solving…
Mobile device and app security firm Zimperium has discovered a new capability in the notorious banking Trojan TrickMo. Some of the samples the company analyzed are able to steal a device’s unlock pattern or PIN. This new feature enables the malefactor to operate on the device even while it is locked. To obtain the necessary unlock information, the malware shows a fake user interface that mimics the device’s legitimate unlock screen. When users enter their unlock pattern or PIN, the data is transmitted to a PHP script along with the Android ID (a unique device identifier), enabling attackers to correlate…
NHS England’s National Cyber Security Operations Centre (CSOC) has issued a high-severity cyber alert in response to the active exploitation of a critical vulnerability, CVE-2024-40711, in Veeam’s Backup & Replication software. This alert follows Veeam’s security bulletin from September, which addressed one critical and five high-severity vulnerabilities, including CVE-2024-40711. The NHS alert is in line with previous warnings, such as cyber alert CC-4542, highlighting the urgency for rapid patching and other defensive actions. According to the advisory, ransomware groups have been leveraging CVE-2024-40711 as a second-stage exploit to create local Administrator accounts on compromised networks. Executing Remote Code This vulnerability,…
Researchers at Jscrambler have uncovered a new skimming campaign dubbed the “Mongolian Skimmer.” This malware, initially detected through intelligence shared by Sansec, distinguishes itself through its use of unusual Unicode characters to obfuscate JavaScript code. Although at first glance, this may seem like a novel technique, Jscrambler’s experts quickly identified it as a straightforward tactic relying on JavaScript’s capability to use any Unicode character in variable and function names. Obfuscation as a Disguise, Not a Defense The Mongolian Skimmer’s obfuscation methods raised eyebrows due to its odd mix of accented characters, leading some to question whether it might be a…
A whopping almost 32 million records and around 110 TB of data belonging to tech users from Trackman were left exposed to the internet. The database exposed user names, email addresses, device information, IP addresses, and security tokens. They were found by Jeremiah Fowler, a Security Researcher and co-founder of Security Discovery, who reported his findings to Website Planet. He said the records had been sitting in a non-password-protected database for an indeterminate time. TrackMan is a company known for its swing and shot analysis technology used by professional and amateur golfers worldwide. Potential Exploitation Fowler said there were several potential…
We had such an overwhelming response to our first article, which shared industry expert opinions during Cybersecurity Awareness Month, that we’ll be publishing another few articles with more expert insights over the next few weeks. Following on with the theme “Secure Our World,” this second article will once again explore practical, impactful advice that anyone can apply to safeguard their business, data, and personal lives. While there’s no single solution to cover all cyber threats, these insights highlight the importance of adopting fundamental cybersecurity practices tailored to your organization’s specific needs. We asked security professionals for their top recommendations on…