admin

Alert: Apache Log4j vulnerability (CVE-2021-44228)

Alert: Apache Log4j vulnerability (CVE-2021-44228)

Executive Overview

On December 9th, 2021, security researchers discovered a new critical Zero-Day vulnerability that impacts one of the most popular open-source Java logging libraries, Apache Log4j 2.  It is a critical vulnerability in the code of much utilised logging application.

 

The Common Vulnerabilities and Exposures (CVE) system has identified the Log4j vulnerability as CVE-2021-44228 and the NIST National Vulnerability Database (NVD) have assigned it a CVSS Score of 10.0 – Critical.

 

This vulnerability is such a critical risk due to the impact that it can have if leveraged by attackers. Details of the vulnerability can be found in the National Vulnerability Database (NVD) under the heading CVE-2021-44228. The confirmed affected versions of Log4j are 2.0-beta-9 through 2.14.1.

 

The exploit has been identified as a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell”. The software, Log4j, is built on a popular coding language, Java, that has widespread use in other software and applications used worldwide. Log4j is estimated to be present in over 100 million instances globally.

 

The vulnerability is so critical as it enables unauthenticated Remote Code Execution (RCE) where an attacker can execute any code on a remote machine over LAN, WAN, or internet. The code is triggered when a string is provided by the attacker through a variety of different input vectors and is then processed by the Log4j 2 vulnerable element.

 

The NCSC is advising organisations to take steps to mitigate the Apache Log4j vulnerability.

An unauthenticated remote code execution vulnerability (CVE-2021-44228) affects Apache Log4j versions 2.0-beta9 to 2.14.1. The NCSC is aware that scanning and attempted exploitation is being detected globally, including the UK.

 

Proof-of-concept code has already been published for this vulnerability.

The NCSC has published further information explaining the Log4j vulnerability.

 

Details of the Vulnerability

Log4j is an open-source Java logging library developed by the Apache Foundation. It is widely used in many applications and is present in many services as a dependency. This includes enterprise applications, including custom applications developed within an organisation, as well as numerous cloud services.

 

An application is vulnerable if it consumes untrusted user input and passes this to a vulnerable version of the Log4j logging library.

 

 

Recommended priority actions

Install the latest updates immediately wherever Log4j is known to be used

This should be the first priority for all UK organisations using software that is known to include Log4j. All organizations should immediately patch all instances of Log4j to 2.16.0.

 

If one of your applications that you use is listed, please follow vendor advice on updating the software or applying mitigations. You should also keep refreshing the list in case a new product has been added.

If your specific product is not listed, you should try and determine if Log4j is present within your organisation.

 

There could be multiple copies of Log4j present and each copy will need to be updated or mitigated.

 

Deploy protective network monitoring/blocking

The following recommendations should be taken to improve network monitoring and blocking:

  • Organisations using Web Application Firewalls (WAFs) should ensure rules are available to protect against this vulnerability.
  • Organisations that understand normal outbound connections from their servers may wish to ensure they’re blocking unexpected outbound connections.

 

Actions Taken to Remediate

Attackers Reinvent Masslogger Trojan to Target Popular BrandsCISOMAGon February 19, 2021 at 4:02 pm CISO MAG | Cyber Security Magazine

News, Threats, compiled HTML file, Cybercriminals, cybersecurity, Google Chrome, malware, Masslogger infection chain, Masslogger Trojan, Microsoft Outlook, trojan, updated Masslogger TrojanCISO MAG | Cyber Security MagazineRead MoreA new version of the Masslogger Trojan has been targeting Windows users in a new phishing campaign. Cybersecurity experts from Cisco Talos stated that they’ve found an improved version of the Masslogger Trojan, designed to pilfer login credentials from popular applications like Microsoft Outlook, Google Chrome, and other messenger accounts. The new Masslogger phishing campaign, which
The post Attackers Reinvent Masslogger Trojan to Target Popular Brands appeared first on CISO MAG | Cyber Security Magazine.

A new version of the Masslogger Trojan has been targeting Windows users in a new phishing campaign. Cybersecurity experts from Cisco Talos stated that they’ve found an improved version of the Masslogger Trojan, designed to pilfer login credentials from popular applications like Microsoft Outlook, Google Chrome, and other messenger accounts. The new Masslogger phishing campaign, which was uncovered in mid-January 2021, targeted users across Italy, Latvia, and Turkey.

What is Masslogger?

Masslogger is a spyware written in .NET to steal user credentials from browsers, popular messaging applications, and email clients.

Improved Masslogger Trojan

First identified in April 2020, the malware authors are selling the updated versions of the Trojan to other malicious actors on underground dark web forums.

Researchers found that Masslogger operators can evade detection by disguising their malicious RAR files as Compiled HTML files. The discovery of the new variant of the Trojan indicates how malware developers are constantly updating their hacking methods.

“Although operations of the Masslogger Trojan have been previously documented, we found the new campaign notable for using the compiled HTML file format to start the infection chain. This file format is typically used for Windows Help files, but it can also contain active script components, in this case JavaScript, which launches the malware’s processes,” researchers said.

How Masslogger Trojan Attacks

The infection starts with an email with a malicious RAR attachment and a legitimate-looking subject line claiming to be from a business. The filename creates files with the RAR extensions named .rar, .r00, and .chm to bypass any programs that would block the email attachment based on its file extension. The payloads are hosted on compromised legitimate hosts with a filename containing one letter and one number concatenated with the filename extension .jpg.

The Masslogger Trojan payload is designed to retrieve and exfiltrate user credentials from a variety of sources. According to Cisco Talos, the new version of Masslogger has the capabilities to target and retrieve credentials from the various other applications like:

  • Pidgin messenger client
  • FileZilla FTP client
  • Discord
  • NordVPN
  • Outlook
  • FoxMail
  • Thunderbird
  • Firefox
  • QQ Browser
  • Chromium-based browsers (Chrome, Chromium, Edge, Opera, Brave)

“While most of the public attention seems to be focused on ransomware attacks, big game hunting, and APTs, it is important to keep in mind that crimeware actors are still active and can inflict significant damage to organizations by stealing users’ credentials. The credentials themselves have value on the dark web and actors sell them for money or use them in other attacks. Based on the IOCs we retrieved, we have moderate confidence that this actor has previously used other payloads such as AgentTesla, Formbook , and AsyncRAT in campaigns starting as early as April 2020,” researchers added.

The post Attackers Reinvent Masslogger Trojan to Target Popular Brands appeared first on CISO MAG | Cyber Security Magazine.

A new version of the Masslogger Trojan has been targeting Windows users in a new phishing campaign. Cybersecurity experts from Cisco Talos stated that they’ve found an improved version of the Masslogger Trojan, designed to pilfer login credentials from popular applications like Microsoft Outlook, Google Chrome, and other messenger accounts. The new Masslogger phishing campaign, which was uncovered in mid-January 2021, targeted users across Italy, Latvia, and Turkey.

What is Masslogger?

Masslogger is a spyware written in .NET to steal user credentials from browsers, popular messaging applications, and email clients.

Improved Masslogger Trojan

First identified in April 2020, the malware authors are selling the updated versions of the Trojan to other malicious actors on underground dark web forums.

Researchers found that Masslogger operators can evade detection by disguising their malicious RAR files as Compiled HTML files. The discovery of the new variant of the Trojan indicates how malware developers are constantly updating their hacking methods.

“Although operations of the Masslogger Trojan have been previously documented, we found the new campaign notable for using the compiled HTML file format to start the infection chain. This file format is typically used for Windows Help files, but it can also contain active script components, in this case JavaScript, which launches the malware’s processes,” researchers said.

How Masslogger Trojan Attacks

The infection starts with an email with a malicious RAR attachment and a legitimate-looking subject line claiming to be from a business. The filename creates files with the RAR extensions named .rar, .r00, and .chm to bypass any programs that would block the email attachment based on its file extension. The payloads are hosted on compromised legitimate hosts with a filename containing one letter and one number concatenated with the filename extension .jpg.

The Masslogger Trojan payload is designed to retrieve and exfiltrate user credentials from a variety of sources. According to Cisco Talos, the new version of Masslogger has the capabilities to target and retrieve credentials from the various other applications like:

  • Pidgin messenger client
  • FileZilla FTP client
  • Discord
  • NordVPN
  • Outlook
  • FoxMail
  • Thunderbird
  • Firefox
  • QQ Browser
  • Chromium-based browsers (Chrome, Chromium, Edge, Opera, Brave)

“While most of the public attention seems to be focused on ransomware attacks, big game hunting, and APTs, it is important to keep in mind that crimeware actors are still active and can inflict significant damage to organizations by stealing users’ credentials. The credentials themselves have value on the dark web and actors sell them for money or use them in other attacks. Based on the IOCs we retrieved, we have moderate confidence that this actor has previously used other payloads such as AgentTesla, Formbook , and AsyncRAT in campaigns starting as early as April 2020,” researchers added.

The post Attackers Reinvent Masslogger Trojan to Target Popular Brands appeared first on CISO MAG | Cyber Security Magazine.

Telephony Denial-of-Service Attacks on Rise, FBI Suggest RecommendationsCISOMAGon February 19, 2021 at 2:02 pm CISO MAG | Cyber Security Magazine

News, Threats, AFTS, Cyberattacks, Cybercriminals, data breach, data leak, FBI, FBI on TDoS attacks, PIN, Private Industry Notification, Ransomware attack, TDoS attacks, Telephony Denial of Service attacks, threat actorsCISO MAG | Cyber Security MagazineRead MoreThe FBI has warned about potential security risks with Telephony Denial-of-Service (TDoS) attacks. In an official Private Industry Notification (PIN), the agency revealed how TDoS attacks affect the availability of emergency service call centers like police, ambulance, or firefighting services. “TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with
The post Telephony Denial-of-Service Attacks on Rise, FBI Suggest Recommendations appeared first on CISO MAG | Cyber Security Magazine.

The FBI has warned about potential security risks with Telephony Denial-of-Service (TDoS) attacks. In an official Private Industry Notification (PIN), the agency revealed how TDoS attacks affect the availability of emergency service call centers like police, ambulance, or firefighting services.

“TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service. The public can protect themselves if 911 is unavailable by identifying in advance non-emergency phone numbers and alternate ways to request emergency services in their area,” the FBI said.

What is TDoS Attack

In TDoS attacks, attackers make an emergency telephone system unavailable to the users by blocking incoming and outgoing calls. The primary motive of bad actors in these attacks is to delay or block users’ calls to Public Safety Answering Points (PSAPs).  PSAPs represent key infrastructure that enables emergency responders to identify and respond to critical events affecting the public.

How Cybercriminals Launch TDoS Attacks

Threat actors are evolved to launch TDoS attacks both manually and automatically. In manual TDoS attacks, attackers use social networks to trick individuals into flooding a particular number with unwanted calls. While an automated TDoS attack leverages software-applications to make hundreds of calls in rapid succession, including Voice over Internet Protocol (VoIP) and Session Initiation Protocol (SIP).

Using Emergency Services in TDoS Attack

The FBI stated that malicious actors launch TDoS attacks in hacktivism, to harass call centers and distract operators, exploit computer networks for political and financial gains. The agency recommended certain steps to overcome an emergency in the event of a TDoS attack. These include:

  • Before there is an emergency, contact your local emergency services authorities for information on how to request service in the event of a 911 outage. Find out if text-to-911 is available in your area.
  • Have non-emergency contact numbers for fire, rescue, and law enforcement readily available in the event of a 911 outage.
  • Sign up for automated notifications from your locality if available to be informed of emergencies in your area via text, phone call, or email.
  • Identify websites and follow social media for emergency responders in your area for awareness of emergencies.

The post Telephony Denial-of-Service Attacks on Rise, FBI Suggest Recommendations appeared first on CISO MAG | Cyber Security Magazine.

The FBI has warned about potential security risks with Telephony Denial-of-Service (TDoS) attacks. In an official Private Industry Notification (PIN), the agency revealed how TDoS attacks affect the availability of emergency service call centers like police, ambulance, or firefighting services.

“TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service. The public can protect themselves if 911 is unavailable by identifying in advance non-emergency phone numbers and alternate ways to request emergency services in their area,” the FBI said.

What is TDoS Attack

In TDoS attacks, attackers make an emergency telephone system unavailable to the users by blocking incoming and outgoing calls. The primary motive of bad actors in these attacks is to delay or block users’ calls to Public Safety Answering Points (PSAPs).  PSAPs represent key infrastructure that enables emergency responders to identify and respond to critical events affecting the public.

How Cybercriminals Launch TDoS Attacks

Threat actors are evolved to launch TDoS attacks both manually and automatically. In manual TDoS attacks, attackers use social networks to trick individuals into flooding a particular number with unwanted calls. While an automated TDoS attack leverages software-applications to make hundreds of calls in rapid succession, including Voice over Internet Protocol (VoIP) and Session Initiation Protocol (SIP).

Using Emergency Services in TDoS Attack

The FBI stated that malicious actors launch TDoS attacks in hacktivism, to harass call centers and distract operators, exploit computer networks for political and financial gains. The agency recommended certain steps to overcome an emergency in the event of a TDoS attack. These include:

  • Before there is an emergency, contact your local emergency services authorities for information on how to request service in the event of a 911 outage. Find out if text-to-911 is available in your area.
  • Have non-emergency contact numbers for fire, rescue, and law enforcement readily available in the event of a 911 outage.
  • Sign up for automated notifications from your locality if available to be informed of emergencies in your area via text, phone call, or email.
  • Identify websites and follow social media for emergency responders in your area for awareness of emergencies.

The post Telephony Denial-of-Service Attacks on Rise, FBI Suggest Recommendations appeared first on CISO MAG | Cyber Security Magazine.

Data Risk, Intelligence and Insider Threats

Feedzy

When it comes to securing networks in today’s business environment, the single biggest challenge firms must contend with is that of the insider threat.

While the term is typically associated with corporate espionage or perhaps disgruntled workers, this threat is mostly not caused by malicious actors.

The insider threat simply refers to the damage caused by individuals who are granted legitimate access to an organization’s digital infrastructure. Most commonly, the threat of insiders takes the form of unintentional data leaks by employees. Emails containing sensitive files, data transfers to the wrong department, the granting of access to unauthorized parties. All of these and many other slips can result in serious cases of data loss and exposure.

Indeed, it has long been recognized that the majority of data loss results from the actions of insiders. Notable cases of data exfiltration, often involving extremely sensitive information, has been attributed to negligent or inadvertent users.

These facts have serious implications for enterprise information security. The millions in assets and man-hours devoted to protecting the network from the outside could probably be put to better use improving employee interaction with their own data.

GTB’s Data Security That Workstm solutions takes a head-on approach to solving this most basic of data security challenges.

Better Awareness Equals Safer Data

With the belief that education is the most important aspect of security, the GTB platform is designed to build user awareness regarding the data they regularly interact with. The GTB Inspector is built to stop embarrassing or costly mistakes users make on a daily basis. With the GTB Inspector, an organization has the ability to notify/educate employees of a potential security breach or policy infraction with providing the ability to remediate. Powered by artificially intelligent algorithms, GTB technology uses a wide variety of methods to promote secure behavior and interaction with the network and company data. Business insight, contextual indicators, and behavioral analysis form the foundations of the protective protocols.

How it Works

When GTB’s platform identifies potentially compromising activity, it can take several automatic measures to prevent any data loss from taking place. Depending on the incident, IT can be immediately notified or the action being taken or transfer being attempted can be blocked.

GTB’s state-of-the-art technology takes on data security violations at their most common root. By raising awareness and educating the end user about cybersecurity and corporate policies, GTB solves the data loss challenge both affordably, and with the highest accuracy in the market today.

For more information about securing your sensitive data including from Remote users, go to www.gttb.com

Top 100 Cybersecurity News Sites

Feedzy

With millions of websites and downloadable files available on the internet, potential risks of security breach are high, especially with the fast development in technology. In this article, we will list top 100 cybersecurity news sites so you can stay updated and on the lookout.

1. Infosecurity-magazine

Website: https://www.infosecurity-magazine.com/

InfoSecurity Magazine tackles all that relates to big data, encryption, cybercrime and so much more. They also hold weekly podcasts in which they several other topics.

2. Cyber Defense Magazine

Website: https://www.cyberdefensemagazine.com/

The website is home to the most prominent writers in the field of Cybersecurity and IT. Their aim is to share knowledge with the world and keep people safe from malwares, data breaches and so much more.

3. Security Week

Website: https://www.securityweek.com/

First on our top 100 cybersecurity news sites is SecurityWeek.com. It is a website moderated by a team of IT security experts. They constantly provide their readers with the latest news about Cybersecurity.

4. The Hacker News

Website: https://thehackernews.com/

The hacker new is one of the post popular and most trusted cybersecurity news website on the internet. It has received national recognition and several awards.

5. Cyber Security Magazine

Website: https://www.cybersecuritymagazine.com

The website focuses on news regarding cybersecurity news for consumers with a series of informative articles.

6. E-Hacking News.

Website: https://www.ehackingnews.com/

E-Hacking news’ top topics are Malware, Mobile Security and Data Breach. If you want to keep yourself safe, we highly recommend that you pay the website a visit whenever you can.

7. We Live Security

Website: https://www.welivesecurity.com/

If you are looking for the latest news about privacy, cybersecurity and keep yourself away from scams, WeLiveSecurity will keep you safe and updated.

8. Comodo News.

Website: https://blog.comodo.com/

If you are just beginning to enter the wide field of security, Comodo News simplifies matters as much as possible for its readers and at the same time provide all the information you will need.

9. Help Net Security

Website: https://www.helpnetsecurity.com/

This website is focused on cybersecurity business news and the security of your enterprise.

10. CSO

Website: https://www.csoonline.com/news/

Available in 5 regions including USA, UK and India, CSO offers its readers news about data protection and the continuity of business. The articles posted here contain enough tips to keep your information safe.

11. Dark Reading.

Website: https://www.darkreading.com/

There is no doubt that the Dark Reading is one of the most popular cyber security websites. A trusted source with thousands of readers every day led by security specialists, researchers and chief information security officers.

12. The Security Ledger

Website: https://securityledger.com/

Although they post less frequently, The security ledger is amongst the top 100 cybersecurity news websites that is worth visiting.

13. SCmagazine

Website: https://www.scmagazine.com/

With 30 years of experience, SC Magazine share everything related to cybersecurity industry through a team of experts and specialists.

14. Information Security Buzz

Website: https://informationsecuritybuzz.com/

ISBuzz News’ team will offer you guidance and opinions about everything related to cyber security alongside with the latest news

15. GBHackers On Security

Website: https://gbhackers.com/

Everyday there is a news story on GBHackers that covers cybersecurity in all its aspects.

in all its aspects.

16. Techworm

Website: https://www.techworm.net/

Your privacy is their goal. Techworm specialists are obsessed with cybersecurity. They will bring you news from all over the world to reach on your comfortable couch.

17. Bank Info Security

Website: https://www.bankinfosecurity.com/news

If you are on the hunt for cybersecurity Business news websites, you will not find better than BIS. They specialize in covering risk management and information security.

18. HackRead

Website: https://www.hackread.com/

For cybersecurity consumer news websites, you will find that Hack Read answers all your questions through a wide array of informative articles.

19. The CyberWire

Website: https://thecyberwire.com/

Cyber Wire is an independent website that managed to become one of the top cybersecurity news providers on the internet. They deliver information in the simplest way possible for you to fully understand.

20. Cybers Guards

Website: https://cybersguards.com/

If you are interested in Cybersecurity, chances are you have already heard of Cyber Guard. If not, then there is no better time to read more about cyber attacks and how to keep your data safe.

21. IT Security Guru

Website: https://www.itsecurityguru.org/

This website will keep you posted regarding the latest cybersecurity and IT news.

22. Infosecurity

Website: https://www.infosecurity-magazine.com/

With ten years of experience, this website have award winning cybersecurity and IT specialists who write articles of the latest news in their field of work.

23. CyberNoticeBoard

Website: https://www.cybernoticeboard.com/

Through reading the news on Cyber Notice Board, you will be able to keep your cyberspace secure from any malicious attacks and stay updated on what is new.

24. Internet Storm Center

Website: https://isc.sans.edu/

ISC started fighting cyber-attacks since 2001 with the help of international forces of the same interest. They post new articles as well as podcasts on daily basis.

25. Virtualattacks

Website: https://virtualattacks.com/

Get yourself acquainted with future cybersecurity trend before they even occur. Virtual Attacks give in-depth cybersecurity news and what should be done to prevent such attacks.

26. K12

Website: https://k12cybersecure.com/

The K-12 Cybersecurity Resource Center if focused on cybersecurity research as well as daily news. It is the most information packed website on our top 100 cybersecurity news websites

27. Binary Blogger

Website: https://binaryblogger.com/

This website offers news in the form of articles, podcasts and through social media. Cybersecurity is their strongest field and through using their materials, you will keep your data safe.

28. Binary Defense

Website: https://www.binarydefense.com/

The news section of Binary Defense is packed with useful information to keep yourself safe from Cyber-attacks.

29. Gov Info Security

Website: https://www.govinfosecurity.com/

GIS is amongst the best cybersecurity Government news and one that is worth checking on daily basis. Cybercrime amongst others, is a strong subject in which they specialize.

30. Hacker News Bulletin

Website: http://www.hackersnewsbulletin.com/

The specialists in this website will give you all the news and tip you need to keep yourself updated and secure from malicious cyber-attacks.

31. Cyber Safe

Website: https://www.cybersafe.news/

Cyber Safe is amongst the most well informed website in cybersecurity news. They bring hot topics to the table before they are posted anywhere else.

32. Search Security.

Website: https://searchsecurity.techtarget.com/

Search Security is an award winning website that covers everything related to cyber security and safety. They post more than 3 times a day and provide tips on how to keep your data secure.

33. Naked Security

Website: https://nakedsecurity.sophos.com/

If it is advice, opinion or tips regarding cyber security, Naked Security will provide you with that and much more.

34. Security Gladiators

Website: https://securitygladiators.com/internet-security-news/

With internet security as their field of expertise, Security Gladiators is leading provider of cybersecurity consumer news about technology, streaming and gaming.

35. Daniel Miessler

Website: https://danielmiessler.com/

It may sound too much for a one man, but Daniel Miessler is a professional and can be considered a force when it comes to Cybersecurity. He writes news and guide that you will find very useful.

36. Adam Shostack & Friends

Website: https://adam.shostack.org/

At first glance, it may not look like a perfectly designed website, but it contains huge loads of information and news about cybersecurity.

37. Tripwire’s State of Security.

Website: https://www.tripwire.com/state-of-security/

The website welcomes posts and news from the most prominent professionals in cybersecurity field. It won several awards for the work they provide.

38. The Last Watchdog

Website: https://www.lastwatchdog.com/

The website is founded by the Pulitzer winning writer Byron V. Acohido. An expert in cyber security and privacy.

39. Threat Post

Website: https://threatpost.com/

The website dives deeper into every aspect of cybersecurity and thus providing the readers with both articles and podcasts.

40. Tao Security.

Website: https://taosecurity.blogspot.com/

Although it is a simple blog, Richard Bejtlich makes sure to keep his reader updated regarding the latest cybersecurity news.

41. The Akamai Blog

Website: https://blogs.akamai.com/

You can consider Akamai as an open forum to discuss cybersecurity news and at the same time a website from which you will be able to get the most recent news.

42. Bleeping Computer

Website: https://www.bleepingcomputer.com/news/security/

The news section of bleeping computer has all that you need to keep yourself educated about cybersecurity.

43. Schneier

Website: https://www.schneier.com/

This is one of the most celebrated cybersecurity managed by the world-renowned cybersecurity technologist Bruce Schneier.

44. Graham Culely.

Website: https://grahamcluley.com/about-this-site/

Since 2009, Graham has been an avid cybersecurity professional and have now put all his experience in his blog in which he shares news and tips constantly

45. Krebs On Security

Website: https://krebsonsecurity.com/

Kerbs a cybersecurity writer and reported, he brings to light news and information about the industry.

46. Cyware

Website: https://cyware.com/cyber-security-news-articles

The security section of Cyware is constantly updated with the latest news on cybersecurity.

47. Dan Kaminsky

Website: https://dankaminsky.com/

Dan’s blog covers everything related to security. He is a leading expert in cybersecurity who shares his experience on the web.

48. Hacking Articles

Website: https://www.hackingarticles.in/

Hacking articles contain all information you need about cybersecurity. Each day, more content is added.

49. Security Bloggers Network

Website: https://www.infosecinstitute.com/

This is a collection of more than 250 websites and blog about cybersecurity.

50. Liquid Matrix.

Website: https://www.liquidmatrix.org/blog/

A blog full of long articles about cybersecurity with in-depth details.

51. Troy Hunt.

Website: https://www.troyhunt.com/

You have probably heard of the name, but if have not; Troy is security expert who dedicated his time to share his experience with readers.

52. Marco Ramilli

Website: https://marcoramilli.com/

Marco Ramilli’s Blog is an outstanding source of information and news about cybersecurity in all aspects.

53. Zero Day.

Website: https://www.zdnet.com/blog/security/

Zero Day is known for being fast with delivering the most recent cybersecurity news to the readers.

54. Notice Bored

Website: https://blog.noticebored.com/

Gary Hinson posts the most recent news and topics about cybersecurity every day

55. SecurityTrails

Website: https://securitytrails.com/

ST provide weekly posts and news, you can consider it as a summary of what happens every week in cybersecurity.

56. PerezBox

Website: https://perezbox.com/

With more than 16 years of experience, Tony know the industry very well and helps his readers stay updated through sharing articles and blogs.

57. Cytelligence

Website: https://cytelligence.com/

Daniel Tobok have managed to help several companies secure their data and information and now he is sharing his experience with readers and bringing them news.

58. Talos

Website: https://blog.talosintelligence.com/

The team at Talos care most about making people’s data safe from malicious attacks, they share cybersecurity news as well as podcasts.

59. Security Affairs

Website: https://securityaffairs.co/

Considered as Europe’s best personal security blog, news and information related to cybersecurity is shared daily.

60. FSecure.

Website: https://blog.f-secure.com/

This blog contain a huge amount of information and news about cybersecurity and mobile security in particular.

61. Hacker Combat.

Website: https://hackercombat.com/

Hacker Combat has one of the most educated community about cybersecurity; they share news and information around the clock.

62. FireEye

Website: https://www.fireeye.com/

On this blog, you will find both cybersecurity business news and consumer news as well as tips to keep your data safe.

63. Andrew Hay

Website: https://www.andrewhay.ca/

Having worked at OpenDNS, DataGravity, and CloudPassage, Andrew is quite the expert in cybersecurity and he shares news about the industry.

64. Flying Penguin

Website: https://www.flyingpenguin.com/

A team of the most remarkable cybersecurity experts post news on the website every day.

65. Security Weekly.

Website: https://securityweekly.com/

On Security Weekly, you can read news articles, listen to radio and watch podcasts related to cybersecurity.

66. Arstechnica

Website: https://arstechnica.com/

The security section of Arstechnica reports the most recent news related to cybersecurity in all its aspects.

67. Veracode

Website: https://www.veracode.com/blog

Focused on mobile security and hacking, the experts at Veracode know exactly what to report to their readers.

68. CIO Security.

Website: https://www.cio.com/

The security section on CIO security posts the most recent news and research in the cybersecurity industry.

69. SANS.

Website: https://www.sans.org/security-awareness-training

If you are looking for more than cybersecurity news, SANS will also provide you with training. Their news are reliable and trusted.

70. The Guardian ISH

Website: https://www.theguardian.com/media-network/information-security

The information section hub of the guardian is packed with news and content is added everyday.

71. Ycombinator

Website: https://news.ycombinator.com/

It may not be a flashy website, but ycombinator’s news section perfectly reports fresh cybersecurity news.

72. Homeland Security News Wire

Website: http://www.homelandsecuritynewswire.com/topics/cybersecurity

The cybersecurity section on HSNW is one of the best sources of news related to that particular industry.

73. Inside Cybersecurity

Website: https://insidecybersecurity.com/

This is oriented for business people as it brings them cybersecurity business news and keep the professionals up to date.

74. Secure List

Website: https://securelist.com/

There is no one to provide news than an expert and Secure List is directly funded by Kaspersky Lab, making it one of the most reliable sources of cybersecurity news.

75. BSSI2

Website: https://www.bssi2.com/blog/

The writers at BSSI2 are expert IT professionals who post informative articles and news.

76. Microsoft Malware Protection

Website: https://www.microsoft.com/security/blog/product/windows/

If you would like to receive news and alerts related to cybersecurity, MMP is a very good way to do that.

77. Cyber Ark.

Website: https://www.cyberark.com/blog/

Like many websites in this top 100 cybersecurity news websites, Cyber Ark’s goal is to help you keep your self safe form malicious attacks.

78. Vipre

Website: https://www.vipre.com/blog/

If you are looking forward to be informed about advanced cyber threats, Vipre is the one website you should follow.

79. CNET

Website: https://www.cnet.com/topics/security/

The security section of CNET offers the readers all they need to know about cybersecurity by providing news and articles.

80. CERIAS

Website: https://www.cerias.purdue.edu/site/news

Alongside with cybersecurity news, CERIAS provides its visitors with tools and learning resources to battle against cybersecurity.

81. Electronic Frontier Foundation

Website: https://www.eff.org/deeplinks

EFF is all about cybersecurity consumer news. They specialize in securing civil liberties online. They will keep you updated with the recent developments.

82. Knowb4

Website: https://blog.knowbe4.com/

You will be kept updated about the most recent cybercrime methods and techniques and how to prevent them from happening to you.

83. TechNews.

Website: https://www.technewsworld.com/

From hacking to privacy, you will find news about anything related to cybersecurity.

84. Architect Security.

Website: https://architectsecurity.org/

April C. Wright both publishes news and teaches people to stay safe again cybercrime. She writes about personal privacy, hackers, risk management and more.

85. AFCEA

Website: https://www.afcea.org/

AFCEA provide its visitors with news in the global security and intelligence sectors.

86. PCmag.

Website: https://me.pcmag.com/en/

PC mag’s security section provides the most valuable information and the most recent news to its readers.

87. Computer World

Website: https://www.computerworld.com

It is one of the leading websites in the IT and Computer business, they do not however, neglect cybersecurity news.

88. The Register.

Website: https://www.theregister.com/

If you are a professional, this is your go to website for cybersecurity and IT news.

89. Digital Guardian

Website: https://digitalguardian.com/blog

There are many articles on cybersecurity available on the website already, and each day, they add more news for their readers.

90. Peerlyst.

Website: https://www.peerlyst.com/

Peerlyst is trusted by professionals, businesspersons and individuals who have interest in cybersecurity.

91. Global Sign

Website: https://www.globalsign.com/en/blog

The blog section in on Global Sign is home to several articles about cybersecurity. News are added on daily basis.

92. Security Boulevard

Website: https://securityboulevard.com/

With over 320 member blogs, security boulevard has become home to cybersecurity experts and people interested in the subject.

93. IT Pro Portal

Website: https://www.itproportal.com/

This website has more to offer than news of cybersecurity. It also provides the readers with reviews and several features about the subject.

94. Stay Safe Online.

Website: https://staysafeonline.org/

Stay Safe Online is directly powered by the NCSA and is therefore known for providing the most accurate and fresh news about everything related to cybersecurity.

95. Mashable Cybersecurity.

Website: https://me.mashable.com/cybersecurity

You have probably heard of Mashable, but id you know they have a cybersecurity section? Now you do, and in it, you will find the most recent news.

96. Hot For Security.

Website: https://hotforsecurity.bitdefender.com/

Powered by Bitdefener, Hot for security is quickly claiming its spot in the top cybersecurity news websites.

97. TechCrunch Security.

Website: https://techcrunch.com/tag/security/

Tech Crunch needs no introduction. Although they do not post frequently, their security section is one of the most reliable on this list

98. Malware Bytes

Website: https://blog.malwarebytes.com/

Being the leader is safety and cybersecurity, Malware Bytes Lab provides its readers with unlimited amount of information and news.

99. Symantec Blog

Website: https://symantec-enterprise-blogs.security.com/blogs/

Symantec Company is specialized in providing assisting cybersecurity services for individuals, companies and even governments. Their blog s news-packed.

100. McAfee Security

Website: https://www.mcafee.com/blogs/

There is no doubt you have heard of the name, but have you checked the blog? You will find the latest news and a variety of informative articles.

Cyber Defense Magazine nominated Cobwebs Technologies for Its 2021 InfoSec Awards for threat intelligence

Feedzy

By Udi Levy, CEO & Co-Founder at Cobwebs Technologies

With a growing number of malicious cyber activities, threat intelligence has become an integral part of many organizations. Most threat intelligence solutions available in the market still rely on analysts or investigators collecting, processing, and analyzing huge amounts of data for actionable insights. Collecting and processing these millions of data points and indicators is just too much for human analysts to effectively identify threats and process them in a timely manner.

Therefore, threat intelligence requires advanced technological solutions, such as an AI-Powered Web Intelligence platform that enables the identification of cyber threats prior to occurring by observing attackers, their plans, and methodologies to generate real-time insights. This allows for the rapid creation of profiles of threat actors, and map their hidden activity networks and behavior patterns across numerous sources.

To put the spotlight on advanced solutions for threat intelligence, Cyber Defense Magazine has nominated some of the world’s best cybersecurity experts in the threat intelligence category. The nominees provide the best technologies available to keep organizations safe. Founded in 2012, Cyber Defense Magazine is the industry’s leading electronic information security magazine giving annual Global InfoSec awards to innovative information security companies for their innovations in the field of information security, including threat intelligence.

Cobwebs was nominated by Cyber Defense Magazine for the threat intelligence capabilities of its AI-powered WEBINT platform. This platform collects, analyzes, and monitors relevant big data from all web layers (surface, deep and dark web) including social networks, message boards, online forums, and more. The advanced threat intelligence software uses smart natural language processing (NLP) and machine learning (ML) algorithms. The solutions provided by Cobwebs are easy to use and highly efficient and are capable of identifying threats in real-time and staying on top of emerging threats to organizations. The seamless integration of new data sources enables the WEBINT platform to also leverage generated threat intelligence to determine what might be the most relevant topics that an organization should keep an eye on to identify future threats by using certain keywords, locations, hashtags, etc.

“We‘re honored to be nominated by Cyber Defense Magazine as an industry innovator in the InfoSec threat intelligence category for 2021,” said Udi Levy, CEO & Co-Founder at Cobwebs Technologies. “Our AI-powered engine is designed to guide organizations in centralizing their threat intelligence from all sources and platforms in one innovative solution. The automated tools provide real-time alerts to create clarity of the threats in the organization’s feed and streamlining operations. Our unique technology gathers and analyzes vast amounts of data to detect cyber threat insights in real-timeThe threat intelligence platform of Cobwebs meets the needs of private and government sectors for a comprehensive threat intelligence solution by:

  • Providing situational awareness;
  • Delivering real-time alerts for follow-up;
  • Detecting the identity and activities of threat actors;
  • Enabling cooperation between team members, departments, and agencies;
  • Processing relevant big data for actionable insights;
  • Defining interest categories such as relevant locations, hashtags, groups, and individuals.
  • Detecting data leaks, reputational issues, or threats against brands, assets, or employees

Cobwebs is the recipient of numerous industry accolades, including Frost $ Sullivan Global AI-powered Web Intelligence Technology Innovation Leadership Award, 2020 ‘ASTORS’ Homeland Security Award, joining the prestigious RegTech100 list that recognizes the tech companies that have transformed compliance, risk management, and cybersecurity, 2019 Global AI-Powered Web Intelligence Technology Innovation Award.

About the Author

Udi Levy AuthorUdi Levy is the CEO and co-founder of Cobwebs Technologies. He brings vast experience in the global technology market with extensive experience and expertise in the Intelligence and Security domains.

Prior to founding Cobwebs, Mr. Levy was responsible for developing Tactical & Cyber Intelligence Solutions in major companies and was involved in developing and deploying various strategic projects at enterprises and government agencies..

Mr. Levy holds a BSc degree in Computers Engineering from the Hebrew University of Jerusalem and an MBA degree.

http://www.cobwebs.com/

Top 100 Cybersecurity Movies

Feedzy

  1. The Computer Wore Tennis Shoes (1969)

In The Computer Wore Tennis Shoes, Kurt Russell stars as an underachieving college student whose intellectual capabilities skyrocket after an electrical accident with a computer when its “brain” fuses with his own. (Note: you’re going to notice this type of theme with multiple movies on this list — someone gets zapped during a storm or electrical overload and, bam, something major happens as a result… yada, yada, yada.)

  1. The Italian Job (1969)

The Italian Job stars Michael Caine as a recently released convicted criminal who recruits infamous computer hackers in the U.K. to steal a shipment of gold in Turin, Italy — all while avoiding the police and Italian mobsters. They do this by hacking the city’s traffic light system to cause a massive city-wide gridlock. This is one of the classic hacker movies that should definitely be included on any list of cyber films.

  1. Colossus: The Forbin Project (1970)

In Colossus, the United States has developed a massive supercomputer (Colossus) to protect the nation from nuclear attacks. However, Russia has created a similar supercomputer, called Guardian, and the two machines begin a dialog. The communication between the two artificial intelligences (AIs) leaves its creator, Charles Forbin, worried about what could result, and so he severs the connection. This leads to Colossus threatening global destruction unless the link is restored. Considering the heightened political tensions going on around this time in our history, it’s understandable why this cyber movie highlighted issues of concern surrounding artificial intelligence (AI).

  1. The Conversation (1974)

The Conversation, which was nominated for three Oscars, stars Gene Hackman as a highly regarded surveillance expert whose work leads to the death of a woman and child and, he fears, will lead to the deaths of a couple if he doesn’t intervene. (Note: Hackman gets to reprise his role as a high-tech wizard again a few decades later in another movie that you’ll see further down the list.)

  1. Three Days of the Condor (1975)

In Three Days of the Condor, Robert Redford stars as a CIA codebreaker who discovers all of his coworkers were murdered. Soon, he realizes that individuals higher up in within the agency are responsible. He then goes into hiding to avoid being killed by a hired hitman while trying to figure out why his own employers want him dead. If you haven’t seen this movie, it’s definitely one to add to your list.

  1. Prime Risk (1985)

In Prime Risk, a female engineer and her friend (played by Julie Collins and Michael Fox) figure out a way to scam ATM machines. In the process, however, they realize they’ve stumbled upon a way to destroy the U.S. Federal Reserve as a whole.

  1. Tron (1982)

Tron stars Jeff Bridges, who plays a hacker/arcade owner whose physical body is transformed into a digital form by a software pirate called Master Control. There, he’s forced to participate in gladiatorial-style games. To outmaneuver his enemy and attempt to escape, Bridge’s character has to team up with a computer program character.

  1. WarGames (1983)

This hacker movie focuses on Matthew Broderick’s teenage genius character as he hacks his way into secret U.S. military program and interacts with its artificial intelligence (AI) system. He thinks he’s playing a video game with the system, not initially realizing that the actions he set into motion, if left unaltered, would lead to a global meltdown as the result of a nuclear war between the U.S. and Soviet Union.

  1. 23 (1998)

23 is a movie that’s based on the story of real-life hackers from Hannover, Germany, in the 1980s. In this film, an orphan uses some of his inheritance to purchase a computer. At first, he just discussed conspiracy theories online but soon dives deeper. Along with a friend, he starts infiltrating military computers.

  1. Disclosure (1994)

This is definitely not one of the hacker movies to watch with your kiddos. In Disclosure, a computer expert goes on the offensive when he finds himself the sexual harassment target of ex-lover-turned-boss who sets out to destroy his career, reputation, and personal life. This star-studded cast includes Michael Douglas, Demi Moore, and Donald Southerland. While the focus of the movie is more on sexual harassment in the workplace, cyber security and technology still play a critical role in Douglas’s character’s efforts to discredit his attacker.

  1. Enemy of the State (1998)

As someone who is a huge fan of Will Smith (and others in this star-studded cast), there’s no way that Enemy of the State wouldn’t make my list. Smith plays a lawyer who is (unknowingly) in possession of video surveillance evidence of a politically motivated crime. He finds himself the target of corrupt politicians who do everything in their power to destroy his reputation, life, and eventually frame him for murder.

  1. Entrapment (1999)

The sexy action-thriller Entrapment, starring Sean Connery and Catherine Zeta-Jones, is about a renowned thief and an undercover art investigator who team up to steal priceless works. The movie is one elaborate caper after another and involves them eventually hacking into a server room or vault to reroute traffic for a high-level stock exchange. Although the technical processes in the movie aren’t necessarily accurate — which I won’t get into without giving away spoilers — it still doesn’t take away from the appeal of the film. Therefore, it stays firmly planted on my list of favorite hacker movies.

  1. Ghost in the Machine (1993)

Ghost in the Machine is about a serial killer whose consciousness transfers to an MRI machine due to a freak accident during an electric storm. In his new form, continues his killing spree using computers, kitchen appliances, and other technologies that are attached to networks and power grids. The title of the movie refers to a phrase from British philosopher Gilbert Ryle in reference to Rene Descartes’ concept of mind-body dualism to describe how a person’s consciousness is its own entity that’s exists independent of the physical brain.

  1. Hackers (1995)

In Hackers, a child hacker-turned-18-year-old meets up with a group of teenage hackers who, together, uncover evidence of a massive embezzling scheme. Unfortunately for them, their cyber intrusion is discovered, and they are blamed for creating a virus that will capsize an oil fleet. They must work together to gather proof of their innocence and to save themselves. Although the “high-tech” data center servers hilariously look like just some colored glass pillars, this movie still claims a place in our hearts.

  1. Johnny Mnemonic (1995)

In Johnny Mnemonic, Keanu Reeves plays a data trafficker who uses his brain as a mule for a computer chip transport sensitive data. Until he gets a delivery that’s too big for the chip! Now he must dodge assassins and complete the delivery in just 24 hours.

  1. Jurassic Park (1993)

While this classic dino movie may not be a hacking movie or cyber security movie in the traditional sense, Jurassic Park definitely involves hacking in a roundabout way. The actions of a hacker-turned-criminal (think insider threat) cause the park’s defense systems to malfunction, allowing the dinosaurs to escape and terrorize the park’s visitors. But it’s also the actions of another young hacker that ultimately reboots the park’s security systems and saves remaining survivors.

  1. Masterminds (1997)

As a movie aimed at teenagers, Masterminds follows a cat-and-mouse battle of wits started when villainous security expert (played by Patrick Stewart) takes an exclusive school full of high schoolers hostage for ransom. His biggest challenge? A rebellious teenage hacker who snuck into the school’s basement just before everything went down. He finds himself in the position of using his wits and prank skills to outwit this criminal mastermind.

  1. Sneakers (1992)

In Sneakers, Robert Redford plays the head of a group of computer and espionage experts — think penetration testing experts to the extreme — who are hired to steal a computer program that’s designed to serve as a universal code breaker. However, things go awry when the device’s creator gets murdered — they become suspects and must do everything within their power to clear their names.

  1. Terminator 2 (1991)

No list of tech, cyber security, or hacker movies would be complete without at least mentioning The Terminator franchise and Skynet, the advanced artificial intelligence that everyone uses as an analogy today for concerns about AI threats. In Terminator 2: Judgment Day, a cyborg identical to the one from the first movie, is sent to protect Sarah Connor’s son, John Connor from an even more advanced model. In this movie, John demonstrates advanced technical skills by bypassing the security systems at Cyberdyne and hacking an ATM machine.

  1. The Matrix (1999)

This science fiction movie blew minds and made millions question reality. The Matrix, which stars Keanu Reeves, is about a hacker who learns that he — and the rest of mankind — is living in a simulated reality constructed by super intelligent and evolved computers that intend to keep humanity its prisoners of war to use their bodies as a source of organic fuel. Reeves’ character, known as Neo, teams up with a small group of mysterious rebels to continue their war against the controlling forces.

  1. The Net (1995)

This hacker movie is a personal favorite from my childhood, although its theme of identity theft is all too real for many nowadays. In The Net, Sandra Bullock plays a reclusive computer programmer who is just looking to enjoy a little time off when she finds herself tangled up in the conspiracy of a group of cybercriminals. Some of her colleagues mysteriously die, her identity is erased, and her life — and the lives of those around her — hangs in the balance.

  1. Gamer (2009)

Personally, I wasn’t a big fan of this movie (despite it starring Gerard Butler and Michael C. Hall, aka Dexter Morgan from the TV show Dexter). However, I’ve seen it included on multiple sites’ lists of the best hacker-related movies, so I figured I’d put aside my own feelings and (begrudgingly) include it as well. In Gamer, a teenager controls a death-row inmate with a remote gaming device. The inmate is forced to fight other prisoners every week in a violent showdown. He seeks to find a way to end the game and defeat the inventor, to win his and his wife’s freedom.

  1. Live Free or Die Hard (2007)

This fourth installment of the popular Bruce Willis movie franchise involves a disgraced Department of Defense employee-turned-cyber terrorist (played by Justin Long) launching a large-scale cyber attack to disable the U.S.’s vulnerable computer infrastructure and crash the economy. The main character, John McClane — the NY detective who is “always in the wrong place at the wrong time” (played by Willis) — once again finds himself in the unenviable position of having to save the day. Only this time, he does it with the assistance of a young hacker (played by Timothy Olyphant).

  1. Minority Report (2002)

Minority Report, which takes place about 25 years from now, follows a specialized police division known as Pre-Crime that is authorized to arrest people who before they commit future crimes. The unit’s chief, played by Tom Cruise, himself is accused of being responsible for a future murder and winds up going on the lam to escape capture and arrest by his own team.

  1. Swordfish (2001)

In Swordfish, an elite hacker (played by Hugh Jackman) who was imprisoned for infecting an FBI program was recently released from prison. A woman and her criminal employer (played by Halle Berry and John Travolta) recruit him for the purpose of getting him to write a worm to steal $9.5 billion from a government slush fund. But not everything is as it seems.

  1. The Bourne Ultimatum (2007)

The Bourne Ultimatum, the third movie in the Bourne series, involves operative Jason Bourne (played by Matt Damon) teaming up with an investigative reporter to track down those who betrayed him. In the meantime, a CIA official is trying to assassinate Bourne before his memory returns.

  1. The Girl with the Dragon Tattoo (2009 and 2011)

There are actually two versions of the same film that came out just two years apart. Because they’re so close together, I’m just lumping them into one callout. The first version of the film stars a Swedish cast, and the second version was released two years later and stars Daniel Craig and Rooney Mara. The premise of the films follows a journalist who enlists the help of a young hacker in his quest to track down a woman who has been missing for several decades. The movies are based on one of the books in the bestselling novel series “The Millennium Trilogy.”

  1. The Italian Job (2003)

This version of The Italian Job, which is a different take on the plot of the original 1969 film, stars Mark Wahlberg, Ed Norton, and Donald Sutherland. Rather than being a comic caper movie about the planning of a heist in Turin, this involves the main character being betrayed and left for dead in Italy, and then planning a heist against a former ally. Although it borrows from much of the original screenplay, it does take creative license and takes the story in a different direction. For me, though, it’s an interesting film on its own merit but I still prefer the original.

  1. V for Vendetta (2005)

Funnily enough, V for Vendetta, which is based on a 1980s graphic novel by Alan Moore, is set to take place in 2020. In it, the population of the U.S. is nearly wiped out by a virus, and Britain is a police state that’s ruled by a dictator “who promises security but not freedom.” Natalie Portman’s character, Evey, is saved from being raped by plainclothes police by an unknown actor known only as V (played by Hugo Weaving), and she ends up joining him in his mission of overthrowing the government in power. Although the movie doesn’t technically involve a hacker, per se (he hacks into the fate computer in the graphic novel series but not in the movie adaptation), it’s what inspired the use of the Guy Fawkes masks that are used to represent members of the real-world international hacker group Anonymous.

  1. Untraceable (2008)

The horrifying thriller Untraceable stars Diane Lane as an agent in the FBI’s Cyber Crimes Division who is trying to track down a hacker who is brutally killing people while the world watches via live streaming. And to make matters worse, the more people who view his site, the faster his victims die.

  1. Blackhat (2015)

In Blackhat, when a nuclear power plant in Hong Kong and the Mercantile Trade Exchange in Chicago are hacked, the FBI and Chinese government team up to track down the cybercriminals responsible for the cyber attacks. They bring in a convicted hacker (played by Chris Hemsworth) to help with the investigation. This hacker movie was lauded much acclaim within the cyber security and hacker communities because of its accuracy in some aspects of the film — for example, (SPOILER ALERT) the way that a bank network hack occurs from a compromised USB drive. It’s a must-see and guaranteed title for this list of hacker movies.

  1. Inception (2010)

This mind-bender of a movie follows a professional thief, played by Leonardo DiCaprio, who uses a form of information-extracting technology to steal corporate secrets from the subconsciousness of victims. However, he’s also a fugitive father who misses his kids. So, when he’s offered a chance to make his criminal history go away in exchange for “hacking” a CEO by implanting a false idea in their head, he initially agrees but soon realizes that things are not what they seem and gets second thoughts.

  1. I.T. (2016)

In I.T., a corporate executive and millionaire, played by Pierce Brosnan, finds his life turned upside-down when he works with an I.T. consultant and finds him getting too close to him and his family. When he fires him, things go wrong very quickly.

  1. Mission Impossible: Ghost Protocol (2011)

This is definitely one of my favorite hacker movies. Ghost Protocol, the fourth movie in the popular Mission Impossible series, involves a decent enough helping of hacking, password cracking, cryptography, and network hijacking action for any thriller and tech fan. His government disavows when Ethan Hunt (a role reprised by Tom Cruise) is blamed for a terrorist attack on the Kremlin, both he and his employer agency IMF. He’s forced to go off the grid and teams up with other fugitive IMF operatives to prove their innocence.

  1. Skyfall (2012)

Skyfall, the 23rd movie in the James Bond movie franchise, brings Bond (played by Daniel Craig) back to memories of his own childhood and tests his loyalty to M (played by Judy Dench) when her own past comes back to haunt her. When MI6 becomes compromised, Bond is the only ally M can trust to face down a mysterious hacker genius. This movie includes some big hacking scenes, although I’ll leave evaluating the accuracy of the actual hacking to the experts.

  1. Snowden (2016)

Snowden is a biopic of the real-life former National Security Agency (NSA) contractor Edward Snowden (played by Joseph Gordon-Levitt) who became one of the world’s most famous whistleblowers. He uncovered and shared with the world about the virtual mountain of data that was being collected on ally foreign governments and American citizens alike. It’s a must-have for any list of must-see hacker movies.

  1. The Imitation Game (2014)

The Imitation Game is about a time during World War II when British intelligence agency MI6 hired Alan Turing (played by Benedict Cumberbatch) to crack Germany’s top-secret Enigma code.

  1. The Social Network (2010)

While Facebook now always seems to be making headlines for one reason or another — often not positive ones — there was once a time when no one had heard of it. Largely, because it didn’t yet exist. This movie The Social Network is based on the story of Mark Zuckerberg (played by Jesse Eisenberg), the Harvard computer genius-turned-creator of the social networking site that was once known as “The Facebook.” Whether you love or hate Facebook, regardless, you can’t deny the popularity of the platform which is used by 2.4 billion users as of Q3 2019. So, on the list of hacker movies it goes!

  1. Who Am I (2014)

Who Am I is a German techno-thriller hacker movie about a subversive hacker group in Berlin that’s intent on gaining global fame.

  1. Ghost in the Shell (2017)

Ghost in the Shell is a popular science fiction manga created by Masamune Shirow that has been adapted for television, video games and cinema but always in animation format. On March 31, the adaptation of Ghost in the shell with flesh and blood actors and actresses arrives in Spanish cinemas. Scarlett Johansson has been in charge of bringing to life the futuristic cyborg secret police (cybernetic organism), Major Motoko Kusanagi, which fights against technological crimes.

  1. Sneakers (1992)

One of the best hacking movies for cybersecurity on our list is Sneakers released in 1992. Robert Redford stars in Sneakers as a computer genius Martin Bishop. Martin leads a group of I.T. experts who are in charge of the security systems of large companies. All of them are involved in a situation that forces them to work for a secret agency for which they will have to steal a black box capable of deciphering codes.

  1. Pirates of Silicon Valley (1999)

The origin of Microsoft and Apple is the central plot of Pirates of Silicon Valley. Based on the book by Paul Freiberger and Michael Swaine, Fire in the Valley: The Making of the Personal Computer. It explains the rivalry that existed between Steve Jobs and Bill Gates in the development of the personal computer. Several Steve Jobs films have been directed, such as Jobs (2013) with Ashton Kutcher and Steve Jobs (2015) with Michael Fassbender, directed by Danny Boyle.

  1. Takedown (2000)

Also known as Hackers 2 and Track Down in the U.S. This take-down best hacking movie is a film based on real events. The story is based on the book of the same name (Takedown) written by journalist John Markoff and by Tsutomu Shimomura, a computer security expert who tells in the book his personal experiences. Takedown deals with how Tsutomu Shimomura helped the FBI capture Kevin Mitnick, a famous hacker who, even while on probation, tried to hack Shimomura’s computer security system. In short, an epic pursuit in cyberspace.

  1. Hackers 3

Also known as Hackers 3, Antitrust criticizes monopolistic practices in the 1990s. Milo Hoffman (Ryan Phillippe), a computer genius, is invited to work for one of the world’s largest technology companies. After the death of his best friend, Milo begins to suspect if his new job had anything to do with it. The fictitious company Milo starts working for was linked to Microsoft and its fictitious owner Gary Winston to Bill Gates.

  1. The Hacker Wars (2014)

Though crime may seem disingenuous due to it being behind screens, there is a lot at stake regarding our right to privacy, politics, and even more–this film takes a closer look at what exactly hackers are fighting for and why.

  1. The Imitation Game (2014)

An early example of a notorious hacker, Alan Turing must crack the code of the German Enigma to help bring an end to the atrocities of World War II.

  1. Algorithm (2014)

After a freelance computer hacker stumbles upon a hidden government computer program, he must come to terms with a revolution that is bursting at the seams with innovation and danger.

  1. DSKNECTD (2013)

Smartphones and social media have undoubtedly connected humans in many ways previously unknown while seemingly disconnecting us in others–this film looks at how society has changed following these technological revolutions, looking at both the pros and cons of constant connection to the Internet.

  1. DEFCON: The Documentary (2013)

This movie is an extensive look into the world’s largest hacking conference with a one-time allowance for a film crew to bypass the notorious “no cameras” rule to document the event, the people attending, and what it means to take part in the hacking community worldwide.

  1. Hacking Democracy (2006)

American activists search for the root of a potential miscount in the 2004 presidential election, revealing flaws about the current system of voting digitally.

  1. Firewall (2006)

A man mostly familiar with security must save his family by dismantling and robbing the bank he works at to have the money to pay their ransom.

  1. Reboot (2012)

When a hacker awakens from a deep sleep after a traumatic event, she discovers an iPhone glued to her hand and a mysterious timer that is ticking away.

  1. We Steal Secrets: The Story of WikiLeaks (2013)

This documentary investigates the origins of WikiLeaks, the website created by Julian Assange that presented stolen information from the US government to bring justice to corruption. The film explains how this ended up being a big part of the most significant security violation in US history and examines the effects it had on democracy and cybersecurity.

  1. Takedown (2000)

Hacker Kevin Mitnick rose to prominence with his controversial arrest in 1995–this movie is a re-telling of the events leading up to this arrest, going deep into his hacking origins and interest in social programming.

  1. Antitrust (2001)

After landing his dream programming job at a Portland-based company, one man is shocked to discover the dark side of the process, being forced to confront unethical and ruthless tactics used by his boss.

  1. Revolution OS (2001)

Though Microsoft ruled the computer market of the early 2000s, this film goes into the fanbase of users who were disillusioned by the company and preferred more open-source methods, leading to the development and cultivation of Linux and other OS methods.

  1. Hackers Are People Too (2008)

This humanizing look at hackers dismantles common tropes and stereotypes about hackers, creating a portrait of a community that was constructed by the community it speaks about.

  1. Colossus: The Forbin Project (1970)

After the U.S. government sets up a computer system to handle its nuclear missile defenses, it develops a mind of its own.

  1. The Net (1995)

After stumbling upon a conspiracy, a programmer’s life is changed immediately as she is given a new identity as a result of her exposure to the classified information. As she figures out what is going on, the society begins to be anguished by peril.

  1. We Are Legion: The Story of the Hacktivists (2012)

This documentary describes the creation and sustainability of the self-described “hacktivist” group Anonymous, what they stand for, and how they run their organization on the internet.

  1. The Fifth Estate (2013)

Based on a real story, an internet start-up filled with controversy is dissected by those within it to understand how it functions and if it can continue efficiently and ethically.

  1. Eagle Eye (2008)

Two strangers are unified by a phone call that subsequently threatens not only their lives but also their families. Through the use of technology, they are tracked and coerced into dangerous situations against their own will, leaving them to find a way out.

  1. The KGB, the Computer and Me (1990)

A thrilling but true story, after finding a discrepancy while working at the Lawrence Berkeley Laboratory in 1986, Clifford Stoll must figure out precisely what is going on as he races to find out who is hacking the system. This search takes him all the way to Hannover, Germany and reveals the perpetrator to be Markus Hess, disclosing ties to the KGB in the midst of a curious operation.

  1. Virtuosity (1995)

An ex-cop is tasked with stopping a computer simulation created from the personality profiles of serial killers after it creates a human body and begins replicating infamous murders in real life, seeking to improve on the originals

  1. Foolproof (2003)

Leading a group that focuses on pulling off heists, Kevin, Sam, and Rob find themselves forced to pull off the most extensive heist yet after being blackmailed by a gangster. They soon realize this is a dangerous mission, opening up a struggle to complete the task and stay alive in the process.

  1. Real Genius (1985)

While these teenage geniuses are developing a laser for a university project, they begin sabotaging the project after discovering that their professor intends to use the weapon for military-grade action.

  1. The Triumph of the Nerds: The Rise of Accidental Empires (1996)

Beginning in the 1970s, this movie looks at the modest beginnings of the computer industry up until the Dot-com boom of the 1990s, focusing on its creators and how they were able to change the world from their parents’ garages.

  1. War for the Web (2015)

This documentary sheds light on how the Internet works, unmasking its physical infrastructure and raising questions about ownership and precautions against monopolies in the modern marketplace.

  1. GoldenEye (1995)

James Bond must save the world from a nuclear disaster by someone whom he thought was dead, teaming up with a survivor from a Russian research center to solve the mystery.

  1. Hackers: Wizards of the Electronic Age (1984)

Providing an old look at hacking, this documentary from the 1980s consists of interviews taken from a 1984 hacker conference in California, shedding light on the hacker community of the time.

  1. One Point O (2004)

A young computer-programmer can’t figure out how to complete a code he is working on and doesn’t know why. When unknown packages show up at his door one day, he must figure out their origins through a daring investigation.

  1. In the Realm of the Hackers (2003)

Having just completed one of the most comprehensive hacks of its time (the 1980s), mysterious hackers Electron and Phoenix had nearly gotten away with stealing a security list to break into one of the world’s most classified systems before one of them outed themselves to the New York Times. This documentary focuses on their arrests ten years after it happened, using that as a gateway to discuss the ethics and risk of underground hacking.

  1. Cyberbully (2015)

A teenager is blackmailed through the internet by a criminal as a result of her cyberbullying others and is forced to follow the hacker’s commands to avoid having lewd photos of her posted online.

  1. Code 2600 (2011)

Our society has already changed incredible amounts in the past 20 years, the era that is commonly referred to as the Info-Tech Age. This film explores the pros and cons of how our improved connectivity has affected our lives.

  1. The Matrix Revolutions (2003)

Neo must continue to understand his place within a limbo world as an isolated number of humans begin to understand their position trapped in a virtual reality dream against their will.

  1. The Accountant (2016)

An accountant begins working for a new client and quickly realizes it is a more dangerous job than he expected, bringing in technological advancements and threats.

  1. Silicon Cowboys (2016)

The developers of the Compaq portable computer faced a difficult fight against IBM in the 1980s as the personal computer became accepted in the mainstream–this documentary highlights their hardships and tribulations.

  1. Hacker (2016)

The young, Ukrainian hacker Alex Danyliuk turns to a life of criminal hacking after his mother loses her job, targeting banks along the way.

  1. Risk (2016)

Focusing on the life of Julian Assange, this documentary details his philosophy and upbringing, including the controversies he endured as the founder of WikiLeaks.

  1. Hackers Wanted (2009)

An exploration of the ethics behind hacking, Hackers Wanted uses the work of Adrian Lamo to speak about the reasons why people begin hacking and the included repercussions.

  1. Julian Assange: A Modern Day Hero? Inside the World of WikiLeaks (2011)

This documentary focuses on the impact and history of WikiLeaks, taking an unbiased approach to describe its infamous founder, Julian Assange.

  1. Secret History of Hacking (2001)

This documentary provides an extensive look at hacking, looking at the phone phreak phenomenon of the late 20th century and hackers such as John Draper (Captain Crunch), Steve Wozniak, and Kevin Mitnick.

  1. Disconnect (2012)

The digital age can connect us, sure, but it can also be very isolating–this film explores what it means to feel lonely in a world where everybody is connected.

  1. We Live in Public (2009)

The life of Josh Harris is a complicated one. This documentary investigates that life, following the entrepreneur’s career as the founder of JupiterResearch and Pseudo.com, the Dot-com bubble, an art project he did to project Orwellian ideas, and discussing what it means to broadcast our lives in the 21st century.

  1. Indie Game: The Movie (2012)

Indie developers don’t have it easy–this movie explores what precisely this means, focusing on the personal, financial, and creative endeavors that must be troubleshooted to create a successful indie game.

  1. Algorithm (2014)

After a freelance computer hacker stumbles upon a hidden government computer program, he must come to terms with a revolution that is bursting at the seams with innovation and danger.

  1. Startup.com (2001)

Any company beginning their journey as a startup on the internet is sure to face many complications along the way–this film explores the tribulations thrust upon the website govWorks.com, documenting its rise and eventual fall.

  1. The Imitation Game (2014)

An early example of a notorious hacker, Alan Turing must crack the code of the German Enigma to help bring an end to the atrocities of World War II.

  1. Talhotblond: (2009)

Exploring the nuances of online dating and how “everybody lies online”, this movie looks into the murder of 22-year-old Brian Barrett, who was the subject of a psychological game played by a middle-aged woman.

  1. Alphaville (1965)

After a U.S. agent is sent to the futuristic city of Alphaville to solve a mystery, he must take on the burden of the town and begin navigating the technological dystopia to find a missing person and eventually stop the ruling dictator.

  1. Smart House (1999)

When a genius teenager and his family win a computer house that has a mind of its own, they begin to become afraid once it starts resembling a controlling mother and making their lives more difficult than they had expected.

  1. NetForce (1999)

Internet becomes the world’s central nervous system. Netforce, FBI, is created as an elite force fighting crime on internet. The owner of the all dominating software company is suspected of trying to gain total access and control.

  1. “Blackhat” (2015)

Nicholas Hathaway (Chris Hemsworth) consults with FBI Special Agent Carol Barrett (Viola Davis) in Legendary’s “Blackhat,” from director/producer Michael Mann. (Legendary Pictures)

  1. The Circle

In recent years, there’s been lots of hype around Big Brother, microchip implantation, and mass surveillance. And this is the movie that shows you how transparency and privacy can be taken to a new level. Released in 2017, the main cast of “The Circle” includes Emma Watson (“Harry Potter”), Tom Hanks (“Sully”), and John Boyega (“Star Wars: The Force Awakens”). Mae, played by Watson, gets a job in IT at the world’s largest and most powerful tech and social media company. Convinced by the company’s founder, she agrees to participate in an experiment that pushes the boundaries of privacy, ethics, and ultimately her personal freedom.

  1. Disconnect

We can all relate to how the internet has an ever-increasing impact on people’s lives. Released in 2013, “Disconnect” brings the audience three different, and yet somehow overlapping, storylines: a victim who suffers from cyberbullying, a lawyer who communicates constantly through his cell phone but can’t find time to connect with his family, and a couple whose secrets are exposed online. An interesting aspect of the movie is that all the conflicts and relationships stem from laptops, iPads, and cell phones. Watch “Disconnect” to discover the gulf between online and real-world interactions.

  1. The Fifth Estate

The Fifth Estate is a 2013 biographical thriller film directed by Bill Condon about the news-leaking website WikiLeaks. The film stars Benedict Cumberbatch as its editor-in-chief and founder Julian Assange and Daniel Bruhl as its former spokesperson Daniel Domscheit-Berg. Anthony Mackie, David Thewlis, Alicia Vikander, Stanley Tucci, and Laura Linney are featured in supporting roles.

  1. The Great Hack

The movie lays out the nuts and bolts about the Facebook data breach scandal with Cambridge Analytica. Thought-provoking, powerful, and even scary, the documentary will shock you into facing the reality of our online lives and make you think twice before revealing any personal data.

  1. Take down

Takedown is based on the true story of infamous hacker Kevin David Mitnick and his nemesis Tsutomu Shimomura. This hacker movie paints the picture that Mitnick was the blackhat while Shimomura was the whitehat. Mitnick did eventually go to prison, but the real story is probably more nuanced than just black and white. The movie offers a fairly accurate background of the world of hacking and why it’s so alluring for certain impulsive and savant type personalities.

  1. Pi (1998)

After programming his computer to make stock predictions, having it print out one reading, then watching it crash, Max Cohen quickly finds himself with an accurate reading as he realizes that his computer was right. This epiphany sends the number theorist on a chase to find out much more than he bargained for, causing intense distress along the way.

  1. Ghost in a shell

Seems like 1995 was a great year for hacking movies. This beautiful animated Japanese sci-fi movie is based on a cyborg policewoman Major and her partner hunting a cybercriminal called the Puppet Master, who hacks into the brains of cyborgs to get information and use it to commit crimes. Definitely, one to watch for its deep gripping mood and quite a philosophical approach to evolving cyber advancements.

  1. The code

This documentary cybercrime movie will engage you in the history of Linux. You’ll learn more about ideologies that underpin GNU and Open Source. The picture explains why Linux became so popular with users and dwells upon the giFT peer to peer network. Though created for a Finnish audience, the movie has its fans worldwide.

  1. Citizenfour, 2014

A documentary film about Edward Snowden. The original one. Created by Laura Poitras this film includes actual interviews of Snowden in Hong Kong in 2013 and features work by journalist Glenn Greenwald.

  1. Zero Days, 2016

This documentary brings into focus the computer worm named Stuxnet, or “Operation Olympic Games”, that was developed by the US and Israel to damage Iran’s nuclear program. Director Alex Gibney handles the storyline so powerfully that it makes viewers question – is it reality or fiction?

  1. Mr. Robot

Inspired, apparently, by American journalist Barrett Brown — who doesn’t know how to hack and is not in the least technically minded by his own public admission — Mr. Robot made quite a splash in the information security community because the show’s technical advisors went to great pains to get the technical details right.

  1. In Ascolto

Another European favorite, this time in Italian. We struggled to find a trailer for In Ascolto in English, so we’ll have to rely on the IMDB plot summary: “Estranged by the degree of corporate influence within the largest U.S. listening station in the world, an aging NSA officer defects and mounts a clandestine counter-listening station high in the Italian alps.”

Gmail users from US most targeted by email-based phishing and malware

Feedzy

Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware.

A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users to determine what are factors influence the risk of attack.

Experts discovered that malicious campaigns are typically short-lived and indiscriminately target users worldwide.

“However, by modeling the distribution of targeted users, we find that a person’s demographics, location, email usage patterns, and security posture all significantly influence the likelihood of attack.” reads the study published by Google. “During our measurement window, we find that attackers targeted, on average, 17.0 million users every week with hundreds of thousands of campaigns that last a median of just one day. These attacks follow a skewed distribution: 10% of phishing campaigns accounted for 76% of phishing attacks, and 10% of malware campaigns accounted for 61% of malicious attachments. Attackers broadly targeted users around the globe as part of their campaigns, with the majority of targets residing in North America and Europe. While 90% of attacks occurred in English, we show evidence that some attackers localize their efforts.”

According to the study, 42% of all targets were from the US, followed by the UK (10% of all attacks) and Japan (5% of attacks).

Both phishing and malware attacks are bursty, experts observed the volume of attacks increasing by 500% at times from week to week. At its peak, the researchers observed 117 million phishing emails targeting 41 million distinct users during the week of May 11, 2020.

“Over the course of our measurement period, we observed a total of
406,002 distinct phishing campaigns and 1,724,160 malware campaigns. Both classes of attacks exhibit a highly skewed distribution.
The top 10% of phishing campaigns account for 76% of phishing
emails, while the top 10% of malware campaigns account for 61% of
emails with malicious attachments.” continues the report.

According to the experts, 89% of malware campaigns last just one day, while the median phishing campaign lasts three days or less. The short duration
a choice of the attackers to evade detection.

Other factors of high risk of being targeted by phishing attacks reported by the experts are:

  • The availability of email or other personal details online froom a third-party data breach.
  • The country where a user accesses Gmail, the highest risk countries are in Europe and Africa.
  • The age, 55- to 64-year-olds are more exposed to attacks compared to 18- to 24-year-olds.
  • Type of devices. Compared to users owning multiple types of devices, users who own only a personal computer face slightly lower odds of targeting (0.90) and mobile-only users face even lower risks of attack (0.80).
  • Email activity. The odds of being targeted increase with the level of engagement with Gmail. Of course, active users face higher likelihoods of being targeted, with those most frequently interacting with Gmail being, on average, 5.18 times more likely to be targeted than an inactive user.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Pierluigi Paganini AuthorPierluigi Paganini

International Editor-in-Chief

Cyber Defense Magazine