Tag: communications
-
‘Secure email’: A losing battle CISOs must give up
End-to-end encryption remains elusive: Email continues to be the dominant electronic communication tool today because it is well understood, relatively easy to use, and relatively inexpensive. By and large, businesses have approved email for sending confidential information, and we often convince ourselves that it is secure, can be secured with third-party tools, or it’s “good…
-
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint
Executive Team’s Digital Footprint Exposure Is Real Executives, board members, and other high-profile users carry more than just influence they carry risk. With access to strategic assets, critical systems, and high-trust communications, these individuals are prime targets for threat actors. And in the age of oversharing, infostealers, and deepfakes, an executive’s digital footprint becomes… First…
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windowsIntroductionOn May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
Critical infrastructure under attack: Flaws becoming weapon of choice
Tags: access, attack, authentication, breach, china, citrix, communications, control, cve, cyber, cybersecurity, dark-web, data-breach, defense, exploit, flaw, fortinet, government, group, hacker, healthcare, ibm, identity, incident, infrastructure, intelligence, iran, kev, login, mfa, monitoring, moveIT, network, ransomware, risk, service, software, strategy, supply-chain, threat, update, vpn, vulnerability, zero-dayTrade in exploit code: IBM’s X-Force found four of the 10 most mentioned common vulnerabilities and exposures (CVEs) on the dark web were linked to sophisticated threat actor groups, including nation-state intelligence agencies.”Exploit codes for these CVEs were openly traded on numerous forums, fueling a growing market for attacks against power grids, health networks, and…
-
4 ways to safeguard CISO communications from legal liabilities
Tags: ciso, communications, corporate, cyber, data, defense, governance, government, incident, jobs, law, privacy, regulation, risk, vulnerabilityPay attention to the medium: CISOs also need to pay attention to what they say based on the medium in which they are communicating. Pay attention to “how we communicate, who we’re communicating with, what platforms we’re communicating on, and whether it’s oral or written,” Angela Mauceri, corporate director and assistant general counsel for cyber…
-
New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials
A newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom meeting invitations from colleagues. This deceptive tactic leverages the familiarity and trust associated with workplace communications to lure victims into a trap designed to steal their login credentials. Cybersecurity researchers have flagged this attack for its realistic approach, which includes a…
-
Is it Illegal to Listen to a Podcast or Watch a Movie Online?
Tags: communicationsDefining wire communications, and whether the wiretap statute makes it illegal to listen to a podcast or watch a movie online? First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/is-it-illegal-to-listen-to-a-podcast-or-watch-a-movie-online/
-
CISA Alerts on Active Exploitation of Zero-Day Vulnerability in Multiple Fortinet Products
Tags: cisa, communications, cve, cyber, cybersecurity, detection, email, exploit, fortinet, infrastructure, network, vulnerability, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding five zero-day vulnerabilities affecting multiple Fortinet products, after evidence emerged of active exploitation in the wild. The vulnerabilities, tracked as CVE-2025-32756, impact Fortinet’s FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera platforms, widely used in enterprise environments for unified communications, email, network detection,…
-
CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users
A new global phishing threat called “Meta Mirage” has been uncovered, targeting businesses using Meta’s Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages.Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing First seen on thehackernews.com Jump…
-
CISA’s alert pivot reflects a new era of decentralized cyber threat communication
Tags: access, cisa, ciso, communications, cyber, cybersecurity, email, exploit, incident response, intelligence, kev, monitoring, risk, strategy, threat, tool, update, vulnerabilityFrom centralized alerts to multi-channel intelligence: CISA’s shift means enterprises must now adopt a more proactive approach to gathering threat intelligence. While the agency isn’t reducing the volume of information shared, the distribution model now demands a more decentralized, digitally savvy strategy from recipients.This change empowers organizations to refine how they consume alerts, Varkey said.…
-
Sicherheit ist mehr als Verschlüsselung: Drei Tipps, wie Unternehmen ihre Kommunikation sicherer machen
Der aktuelle Signal-Leak der US-Regierung zeigt ein grundsätzliches Problem: Sicherheit in der Kommunikation ist nicht nur äußerst wichtig, sondern auch sehr komplex. Wird sie missachtet, entstehen Image- und Vertrauensverluste oder finanzielle oder Wettbewerbsrisiken. Wie können sich Unternehmen schützen und vorbereiten? Was sollten sie beachten? Wildix, Anbieter von Unified Communications as a Service, gibt drei Praxistipps……
-
India-Pakistan conflict underscores your C-suite’s need to prepare for war
Tags: business, ciso, communications, conference, cyber, cyberattack, data-breach, disinformation, government, india, infrastructure, military, network, russia, service, supply-chain, ukraine, update, usa, vulnerabilityHow the India-Pakistan conflict raises the stakes: Should the conflict between these two nuclear powers escalate and become a full-blown war, the disruption to supply chains, research and development, and support services has the potential to be significant. Pakistan’s technical hubs in Karachi, Lahore, and Islamabad will be placed in jeopardy. India’s technical hubs in…
-
Cyberattacks on Critical Infrastructures Makes Us Very Vulnerable
Tags: attack, communications, cyber, cyberattack, cybersecurity, data, healthcare, infrastructure, linkedin, strategy, update, vulnerabilityMany don’t realize that cyberattacks against Critical Infrastructure sectors, can cause more than an inconvenience of a temporary power outage. Critical Infrastructures are a favorite of aggressive Nation State cyber threats. In addition to communications disruptions, power outages, and healthcare billing, these attacks can also seek to disrupt food distribution. The result empty shelves…
-
Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked
The communications app TeleMessage, which was spotted on former US national security adviser Mike Waltz’s phone, has suspended “all services” as it investigates reports of at least one breach. First seen on wired.com Jump to article: www.wired.com/story/signal-clone-used-by-mike-waltz-pauses-service-after-reports-it-got-hacked/
-
Co-op instructs staff to be wary of lurking hackers
Co-op tells staff to stop using their VPNs and be wary that their communications channels may be being monitored, as a cyber attack on the organisation continues to develop. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623309/Co-op-instructs-staff-to-be-wary-of-lurking-hackers
-
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
Tags: access, attack, communications, control, cyber, cybersecurity, espionage, group, infrastructure, malware, rat, russia, tacticsCybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022.RomCom “employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure leveraging First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
-
Proofpoint Leverages AI to Extend Scope of Cybersecurity Reach
Proofpoint has expanded its ability to thwart multistage cyberattacks spanning multiple communications channels while at the same time extending its reach into data security posture management (DSPM). First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/proofpoint-leverages-ai-to-extend-scope-of-cybersecurity-reach/
-
EU’s Chat Control Proposal: Balancing Child Protection and Digital Rights
The EU’s Chat Control proposal presents a critical dilemma: protecting children from online abuse without compromising privacy and security. This comprehensive analysis decodes the legislation’s technical implications and what it means for encrypted communications worldwide. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/eus-chat-control-proposal-balancing-child-protection-and-digital-rights/
-
WhatsApp introduces Advanced Chat Privacy to protect sensitive communications
WhatsApp adds Advanced Chat Privacy feature that allows users to block others from sharing chat content outside the app. WhatsApp announced the availability of a new feature called >>Advanced Chat Privacy
-
Critical Patch Update Announcement in April for All Oracle Products
Overview On April 16, 2025, NSFOCUS CERT detected that Oracle officially released the Critical Patch Update (CPU) for April. A total of 390 vulnerabilities with different degrees were fixed this time. This security update involves Oracle MySQL Connectors, Oracle MySQL Server, Oracle Java SE, Oracle Fusion Middleware, Oracle Financial Services Applications, Oracle Communications Applications and…The…
-
Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack
Hertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hertz-data-breach-exposes-customer/
-
Oracle April 2025 Critical Patch Update Addresses 171 CVEs
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security updates across 32 Oracle product…
-
Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
Partisia, Squareroot8, and NuSpace join forces in a global partnership to advance quantum-safe communications. The post Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/blockchain-quantum-and-iot-firms-unite-to-secure-satellite-communications-against-quantum-threats/
-
Top Four Considerations for Zero Trust in Critical Infrastructure
Tags: access, ai, attack, authentication, automation, best-practice, breach, business, cctv, ceo, cloud, communications, compliance, corporate, cyber, cybersecurity, data, defense, email, encryption, exploit, finance, group, hacker, healthcare, identity, infrastructure, iot, law, malicious, mfa, nis-2, privacy, regulation, risk, saas, service, software, strategy, threat, tool, vulnerability, zero-trustTop Four Considerations for Zero Trust in Critical Infrastructure madhav Tue, 04/15/2025 – 06:43 TL;DR Increased efficiency = increased risk. Critical infrastructure organizations are using nearly 100 SaaS apps on average and 60% of their most sensitive data is stored in the cloud. Threat actors aren’t naive to this, leading to a whopping 93% of…
-
Reimagining Democracy
Imagine that all of us”, all of society”, have landed on some alien planet and need to form a government: clean slate. We do not have any legacy systems from the United States or any other country. We do not have any special or unique interests to perturb our thinking. How would we govern ourselves?…
-
Is HR running your employee security training? Here’s why that’s not always the best idea
Tags: attack, awareness, best-practice, breach, business, ciso, communications, compliance, cyber, cybersecurity, data, finance, guide, healthcare, privacy, resilience, risk, security-incident, service, threat, training, vulnerabilityHR doesn’t have specialized security knowledge: Another limitation is that an organization’s security training can be a component in maintaining certain certifications, compliance, contractual agreements, and customer expectations, according to Hughes.”If that’s important to your organization, then security, IT, and compliance teams will know the subjects to cover and help guide in the importance of…
-
Casper-Malware: Neuer Spionage-Cartoon nach Babar und Bunny
Im März 2014 veröffentlichte die französische Zeitung Le Monde einen Bericht darüber, dass das Communications Security Establishment Canada (CSEC) Frankreich verdächtige, für Spionage-Zwecke schädliche Software zu entwickeln. Der Bericht basierte auf einer Präsentation, die im Zuge der NSA-Affäre um Edward Snowden offengelegt wurde. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/03/05/casper-malware-neuer-spionage-cartoon-nach-babar-und-bunny/