Famous Sparrow APT flocks to hotels, government, and businesses.

Views expressed in this cybersecurity, cybercrime, and information security update are those of the reporters and correspondents.

Accessed on 24 September 2021, 1337 UTC.

Content supplied by “Darkreading.com.”

Source:  https://www.darkreading.com/

Please scroll down to read your selections.

Latest News

Google Spots New Technique to Sneak Malware Past Detection Tools

The operator behind OpenSUpdater is using a new way to sneak adware and other malware past security tools.

FamousSparrow APT Group Flocks to Hotels, Governments, Businesses

The cyber espionage group has a custom backdoor and has added the ProxyLogon Microsoft Exchange flaw to its toolkit.

Apple Patches Zero-Days in iOS, Known Vuln in macOS

One of the iOS vulnerabilities was discovered by Citizen Lab; the Google Threat Analysis Group reported iOS and macOS flaws.

Microsoft Exchange Autodiscover Flaw Leaks Thousands of Credentials

Researchers claim to have accessed hundreds of thousands of Windows credentials using a bug in the Autodiscover protocol.

Password Reuse Problems Persist Despite Known Risks

The vast majority of users worry about compromised passwords, but two-thirds continue to use the same password or a variation, a survey finds.

6 Lessons From Major Data Breaches This Year

Though many incidents stemmed from familiar security failures, they served up — or resurfaced — some important takeaways.

Who Is BlackMatter?

Researchers piece together the origins of the group that made headlines this week as the perpetrator behind a ransomware attack on New Cooperative.

Strained Relationships Hinder DevSecOps Innovation

A new survey from Forrester and VMware finds more than half of developers still think security gets in the way.

Latest Commentary

How to Implement a Security Champions Program

A Security Champions program is a great way to enhance security maturity, reduce vulnerabilities, and make security top of mind throughout the business.

Sep 23, 2021

NIST Brings Threat Modeling into the Spotlight

NIST recommendations typically become part of government procurement, which means threat modeling will soon be written into questions for organizations that sell to the federal government.

Sep 23, 2021

UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data

The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.

Sep 22, 2021

Midmarket Security: Think You’re Safe? Think Again

Gone is the false perception that large enterprises, banks, and financial institutions are the only organizations under attack.

Sep 22, 2021

Why Security Pros Should Rethink Their Focus on Information Resilience

Resilience is often defined as being able to withstand disruptions and rebound to a previous state. But a system’s ability to return to a prior state doesn’t mean it’s sufficiently resilient.

Sep 22, 2021

Cybersecurity In-Depth

Go to The Edge

Primer: Microsoft Active Directory Security for AD Admins
Nearly all AD environments are vulnerable to identity attack paths — a powerful, widespread, and difficult-to-detect attack technique. But we didn’t say impossible. Here’s how admins can stop them.
What Are the Different Types of Cyber Insurance?
Even with the best cybersecurity defenses in place, organizations can fall victim to a cyberattack.
10 Threat Trends in DNS Security
Cisco Security examines Cisco Umbrella data for trends in malicious DNS activity during 2020.