Mar 17, 2023 – Mobile Security / Scam Alert: A new Android malware campaign known as FakeCalls is targeting South Korean users by disguising itself as popular financial apps. FakeCalls has the functionality to extract private data from the victim’s device and can imitate phone conversations with a bank customer support agent. It has also…
The last three years have been characterized by rapid change, particularly with regards to tech infrastructure. Digital transformation was accelerated by the pandemic, and it became clear that cybersecurity must become a priority. Cybersecurity has become a competitive advantage, and the best CISOs now act as Chief Resilience Officers. Healthcare delivery organizations (HDOs) were hit…
The US Cybersecurity and Infrastructure Security Agency (CISA) has launched a pilot program to warn critical infrastructure organizations if their systems contain vulnerabilities that may be exploited in ransomware attacks. The new Ransomware Vulnerability Warning Pilot (RVWP) kicked off on January 30 and is meant to help those organizations that might be unaware that a…
The National Motor Freight Traffic Association (NMFTA) has appointed Antwan Banks as its director of enterprise security as part of the organization’s shift towards end-to-end security for the trucking industry. Banks will lead the organization’s cybersecurity practice, and work with its partners and members to ensure the safety and security of the supply chain in…
Various industrial cybersecurity companies have recently released reports with conflicting numbers regarding the number of vulnerabilities found in industrial control system (ICS) products in 2022. In an attempt to understand these discrepancies and trends, SecurityWeek has examined the methods employed by these companies in their research. Some companies have reported seeing an increase in the…
The CISA, or US Cybersecurity and Infrastructure Security Agency, has recently included two vulnerabilities that affect Plex and VMware products in their Known Exploited Vulnerabilities (KEV) catalog. CVE-2020-5741 is a high-severity flaw in Plex Media Server that is described as a deserialization issue that can be exploited to execute arbitrary Python code, remotely. The vulnerability…
Medical technology developer Zoll Medical recently announced that they have identified a potential data breach that may have compromised the personal information of roughly one million individuals. Zoll develops and markets medical equipment and software for advanced emergency care, such as cardiac monitoring and oxygen therapy. The breach was discovered at the end of January,…
Cloud computing vendor Blackbaud has been slapped with a $3 million civil penalty by the Securities and Exchange Commission (SEC) for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers. The SEC found that Blackbaud was not forthcoming about the extent of the data-extortion malware attack and left out material…
Many CISOs and security experts often express the sentiment of wanting to stop threats regardless of the attacker’s identity. However, solely focusing on stopping the attack may not be the most effective approach towards ensuring protection against malicious actors. To truly halt an attack, it is crucial to disrupt the attacker’s infrastructure and financial flow,…