Cybersecurity firm ESET has identified a new China-aligned threat actor, dubbed “CeranaKeeper,” operating across Southeast Asia, with a primary focus on Thailand. CeranaKeeper has been carrying out widespread data exfiltration campaigns since early 2022, primarily targeting governmental institutions. The findings mark a significant development in the region’s ongoing cyber threat landscape, particularly given the group’s sophisticated techniques and use of both common and custom tools.
CeranaKeeper vs. Mustang Panda: A New Threat Actor Emerges
Initially, some of CeranaKeeper’s activities were attributed to the China-linked advanced persistent threat (APT) group Mustang Panda. However, ESET researchers have now determined that CeranaKeeper operates…
Author: Kirsten Doyle
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two critical vulnerabilities in Optigo Networks’ ONS-S8 Spectra Aggregation Switch, a key component in critical infrastructure systems. These vulnerabilities, which affect all versions of the switch up to and including version 1.3.7, pose a significant risk of remote code execution and authentication bypass.
High-Risk Vulnerabilities
The vulnerabilities, identified as CVE-2024-41925 and CVE-2024-45367, were discovered by Claroty’s Team82 and have been classified as critical. Each has a CVSS v4 score of 9.3. According to CISA, these flaws could enable malicious actors to remotely bypass authentication and execute arbitrary…
This year’s Cybersecurity Awareness Month theme, “Secure Our World,” emphasizes the importance of simple yet powerful measures everyone can take to protect their businesses, data, and loved ones. While there is no silver bullet to safeguard against all cyber threats, implementing basic best practices can significantly reduce risk. Information Security Buzz spoke with several security experts and asked them, “What’s the one piece of advice that could make a difference?” Their responses highlight that cybersecurity is not one-size-fits-all—each organization must tailor its approach to its unique needs and vulnerabilities. However, these foundational steps can help build a more secure world…
This year, Cybersecurity Awareness Month is themed “Secure Our World,” a stark reminder that simple measures can protect businesses from online threats. The week emphasizes four key strategies: using strong passwords and password managers, turning on multifactor authentication (MFA), recognizing and reporting phishing, and updating software. While this message is accurate, and all these elements are a move towards more robust authentication, there’s an even better way than managing solid and unique passwords – adopting passkeys. For decades, passwords have been the cornerstone of securing computer systems and applications, but they’ve outlived their utility. Many data breaches happen due to…
Organizations of every size and in every industry must adhere to stringent compliance standards. Regulations like the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) demand rigorous data protection measures. A solid Security Information and Event Management (SIEM) platform offers threat management and a thorough and centralized view of the company’s security posture. It also automates security processes and real-time threat detection and generates comprehensive audit reports—all of which help businesses maintain compliance and minimize security risks. In this blog, we’ll explore how SIEM platforms…
The healthcare industry is a magnet for cybercriminals, and it’s easy to see why. First, the treasure trove of personal health information (PHI) is incredibly valuable—from detailed medical histories to sensitive financial data, this information isn’t just gold—it’s like striking it rich for hackers. But it’s not just the data that appeals; it’s the critical nature of healthcare itself. Imagine the chaos if a hospital’s systems were to go dark or a patient’s data were to be compromised—there would be severe, potentially life-threatening consequences. This makes healthcare organizations more inclined to pay ransoms or meet other demands to restore their…
Advanced Computer Software Group Ltd (Advanced) is facing a provisional fine of £6.09 million following a 2022 ransomware attack that disrupted NHS and social care services. The Information Commissioner’s Office (ICO) has preliminarily determined that the company failed to implement adequate measures to protect the personal information of 82,946 individuals, including sensitive data. Advanced, a key IT and software services provider to national organizations like the NHS, serves as a data processor, handling personal information on behalf of these entities. The ransomware incident, which occurred in August 2022, involved hackers accessing several of Advanced’s health and care systems through a…
Today’s businesses rely heavily on technology to streamline operations, enhance productivity, and connect with customers. However, this dependency has also opened the door to a growing threat: ransomware attacks. By 2031, the cost of ransomware attacks is estimated to reach $265 billion (USD) annually. The rapid growth of ransomware attacks has made this cyber threat a top concern for businesses worldwide. The number of attacks surged by 55.5% in 2023, with 4,368 documented cases and only a fraction of reported attacks. As an executive, understanding the potential impact of ransomware on your business and taking proactive steps to mitigate these…
We live in an era where customers demand convenience and instant gratification and want to use their smartphones and mobile devices to access their apps and services instantly. At the same time, trust in established brands such as Google or Apple makes customers more comfortable logging in to apps or websites using credentials like AppleID rather than sharing sensitive data directly with unfamiliar businesses. However, this can only be done through an effective authentication mechanism to verify the identity of users and ensure that only authorized people can access sensitive resources or perform specific actions within the application. Therein lies…