Top 100 Cybersecurity News Sites


With millions of websites and downloadable files available on the internet, the risk of a security breach is high, especially given the fast pace of technological development. In this article, we list the top 100 cybersecurity news sites so you can stay updated and on the lookout.

1. Infosecurity-magazine


InfoSecurity Magazine tackles everything related to big data, encryption, cybercrime and much more. They also hold weekly podcasts in which they discuss several other topics.

2. Cyber Defense Magazine


The website is home to the most prominent writers in the field of cybersecurity and IT. Their aim is to share knowledge with the world and keep people safe from malware, data breaches and much more.

3. Security Week


Security Week is a website moderated by a team of IT security experts. They constantly provide their readers with the latest news about cybersecurity.

4. The Hacker News


The Hacker News is one of the most popular and most trusted cybersecurity news websites on the internet. It has received national recognition and several awards.

5. Cyber Security Magazine


The website focuses on cybersecurity news for consumers, with a series of informative articles.

6. E-Hacking News.


E-Hacking News’ top topics are malware, mobile security and data breaches. If you want to keep yourself safe, we highly recommend that you pay the website a visit whenever you can.

7. We Live Security


If you are looking for the latest news about privacy and cybersecurity and want to keep yourself away from scams, WeLiveSecurity will keep you safe and updated.

8. Comodo News.


If you are just beginning to enter the wide field of security, Comodo News simplifies matters as much as possible for its readers and at the same time provides all the information you will need.

9. Help Net Security


This website is focused on cybersecurity business news and the security of your enterprise.

10. CSO


Available in 5 regions including USA, UK and India, CSO offers its readers news about data protection and the continuity of business. The articles posted here contain enough tips to keep your information safe.

11. Dark Reading.


There is no doubt that Dark Reading is one of the most popular cyber security websites. It is a trusted source with thousands of readers every day, led by security specialists, researchers and chief information security officers.

12. The Security Ledger


Although they post less frequently, The Security Ledger is among the top 100 cybersecurity news websites that are worth visiting.

13. SCmagazine


With 30 years of experience, SC Magazine shares everything related to the cybersecurity industry through a team of experts and specialists.

14. Information Security Buzz


ISBuzz News’ team will offer you guidance and opinions about everything related to cyber security alongside the latest news.

15. GBHackers On Security


Every day there is a news story on GBHackers that covers cybersecurity in all its aspects.

16. Techworm


Your privacy is their goal. Techworm specialists are obsessed with cybersecurity. They will bring you news from all over the world to reach you on your comfortable couch.

17. Bank Info Security


If you are on the hunt for cybersecurity business news websites, you will not find better than BIS. They specialize in covering risk management and information security.

18. HackRead


For cybersecurity consumer news websites, you will find that Hack Read answers all your questions through a wide array of informative articles.

19. The CyberWire


Cyber Wire is an independent website that managed to become one of the top cybersecurity news providers on the internet. They deliver information in the simplest way possible for you to fully understand.

20. Cybers Guards


If you are interested in cybersecurity, chances are you have already heard of Cybers Guards. If not, then there is no better time to read more about cyber attacks and how to keep your data safe.

21. IT Security Guru


This website will keep you posted regarding the latest cybersecurity and IT news.

22. Infosecurity


With ten years of experience, this website has award-winning cybersecurity and IT specialists who write articles on the latest news in their field of work.

23. CyberNoticeBoard


Through reading the news on Cyber Notice Board, you will be able to keep your cyberspace secure from any malicious attacks and stay updated on what is new.

24. Internet Storm Center


ISC has been fighting cyber-attacks since 2001 with the help of international forces of the same interest. They post new articles as well as podcasts on a daily basis.

25. Virtualattacks


Get yourself acquainted with future cybersecurity trends before they even occur. Virtual Attacks gives in-depth cybersecurity news and covers what should be done to prevent such attacks.

26. K12


The K-12 Cybersecurity Resource Center is focused on cybersecurity research as well as daily news. It is the most information-packed website on our list of the top 100 cybersecurity news websites.

27. Binary Blogger


This website offers news in the form of articles, podcasts and through social media. Cybersecurity is their strongest field and through using their materials, you will keep your data safe.

28. Binary Defense


The news section of Binary Defense is packed with useful information to keep yourself safe from Cyber-attacks.

29. Gov Info Security


GIS is among the best cybersecurity government news sites and one that is worth checking on a daily basis. Cybercrime, among others, is a strong subject in which they specialize.

30. Hacker News Bulletin


The specialists at this website will give you all the news and tips you need to keep yourself updated and secure from malicious cyber-attacks.

31. Cyber Safe


Cyber Safe is among the most well-informed websites in cybersecurity news. They bring hot topics to the table before they are posted anywhere else.

32. Search Security.


Search Security is an award-winning website that covers everything related to cyber security and safety. They post more than 3 times a day and provide tips on how to keep your data secure.

33. Naked Security


If it is advice, opinion or tips regarding cyber security, Naked Security will provide you with that and much more.

34. Security Gladiators


With internet security as their field of expertise, Security Gladiators is a leading provider of cybersecurity consumer news about technology, streaming and gaming.

35. Daniel Miessler


It may sound like too much for one man, but Daniel Miessler is a professional and can be considered a force when it comes to cybersecurity. He writes news and guides that you will find very useful.

36. Adam Shostack & Friends


At first glance, it may not look like a perfectly designed website, but it contains huge loads of information and news about cybersecurity.

37. Tripwire’s State of Security.


The website welcomes posts and news from the most prominent professionals in the cybersecurity field. It has won several awards for the work it provides.

38. The Last Watchdog


The website was founded by the Pulitzer-winning writer Byron V. Acohido, an expert in cyber security and privacy.

39. Threat Post


The website dives deeper into every aspect of cybersecurity, providing readers with both articles and podcasts.

40. Tao Security.


Although it is a simple blog, Richard Bejtlich makes sure to keep his readers updated regarding the latest cybersecurity news.

41. The Akamai Blog


You can consider Akamai as an open forum to discuss cybersecurity news and at the same time a website from which you will be able to get the most recent news.

42. Bleeping Computer


The news section of Bleeping Computer has all that you need to keep yourself educated about cybersecurity.

43. Schneier


This is one of the most celebrated cybersecurity sites, managed by the world-renowned cybersecurity technologist Bruce Schneier.

44. Graham Cluley


Since 2009, Graham has been an avid cybersecurity professional and has now put all his experience into his blog, in which he constantly shares news and tips.

45. Krebs On Security


Krebs is a cybersecurity writer and reporter who brings to light news and information about the industry.

46. Cyware


The security section of Cyware is constantly updated with the latest news on cybersecurity.

47. Dan Kaminsky


Dan’s blog covers everything related to security. He is a leading expert in cybersecurity who shares his experience on the web.

48. Hacking Articles


Hacking Articles contains all the information you need about cybersecurity. Each day, more content is added.

49. Security Bloggers Network


This is a collection of more than 250 websites and blogs about cybersecurity.

50. Liquid Matrix.


A blog full of long articles about cybersecurity with in-depth details.

51. Troy Hunt.


You have probably heard of the name, but if you have not, Troy is a security expert who has dedicated his time to sharing his experience with readers.

52. Marco Ramilli


Marco Ramilli’s Blog is an outstanding source of information and news about cybersecurity in all aspects.

53. Zero Day.


Zero Day is known for being fast with delivering the most recent cybersecurity news to the readers.

54. Notice Bored


Gary Hinson posts the most recent news and topics about cybersecurity every day.

55. SecurityTrails


ST provides weekly posts and news; you can consider it a summary of what happens every week in cybersecurity.

56. PerezBox


With more than 16 years of experience, Tony knows the industry very well and helps his readers stay updated by sharing articles and blogs.

57. Cytelligence


Daniel Tobok has managed to help several companies secure their data and information, and now he is sharing his experience with readers and bringing them news.

58. Talos


The team at Talos cares most about making people’s data safe from malicious attacks; they share cybersecurity news as well as podcasts.

59. Security Affairs


Considered Europe’s best personal security blog, it shares news and information related to cybersecurity daily.

60. FSecure.


This blog contains a huge amount of information and news about cybersecurity, and mobile security in particular.

61. Hacker Combat.


Hacker Combat has one of the most educated communities in cybersecurity; they share news and information around the clock.

62. FireEye


On this blog, you will find both cybersecurity business news and consumer news as well as tips to keep your data safe.

63. Andrew Hay


Having worked at OpenDNS, DataGravity, and CloudPassage, Andrew is quite the expert in cybersecurity and he shares news about the industry.

64. Flying Penguin


A team of the most remarkable cybersecurity experts post news on the website every day.

65. Security Weekly.


On Security Weekly, you can read news articles, listen to radio and watch podcasts related to cybersecurity.

66. Arstechnica


The security section of Arstechnica reports the most recent news related to cybersecurity in all its aspects.

67. Veracode


Focused on mobile security and hacking, the experts at Veracode know exactly what to report to their readers.

68. CIO Security.


The security section on CIO security posts the most recent news and research in the cybersecurity industry.

69. SANS.


If you are looking for more than cybersecurity news, SANS will also provide you with training. Their news is reliable and trusted.

70. The Guardian ISH


The information section hub of The Guardian is packed with news, and content is added every day.

71. Ycombinator


It may not be a flashy website, but Ycombinator’s news section perfectly reports fresh cybersecurity news.

72. Homeland Security News Wire


The cybersecurity section on HSNW is one of the best sources of news related to that particular industry.

73. Inside Cybersecurity


This site is oriented toward business people, as it brings them cybersecurity business news and keeps professionals up to date.

74. Secure List


There is no one better to provide news than an expert, and Secure List is directly funded by Kaspersky Lab, making it one of the most reliable sources of cybersecurity news.

75. BSSI2


The writers at BSSI2 are expert IT professionals who post informative articles and news.

76. Microsoft Malware Protection


If you would like to receive news and alerts related to cybersecurity, MMP is a very good way to do that.

77. Cyber Ark.


Like many websites in this top 100 list, Cyber Ark’s goal is to help you keep yourself safe from malicious attacks.

78. Vipre


If you want to be informed about advanced cyber threats, Vipre is the one website you should follow.

79. CNET


The security section of CNET offers the readers all they need to know about cybersecurity by providing news and articles.



80. CERIAS


Alongside cybersecurity news, CERIAS provides its visitors with tools and learning resources to battle cyber threats.

81. Electronic Frontier Foundation


EFF is all about cybersecurity consumer news. They specialize in securing civil liberties online. They will keep you updated with the recent developments.

82. Knowb4


You will be kept updated about the most recent cybercrime methods and techniques and how to prevent them from happening to you.

83. TechNews.


From hacking to privacy, you will find news about anything related to cybersecurity.

84. Architect Security.


April C. Wright both publishes news and teaches people to stay safe against cybercrime. She writes about personal privacy, hackers, risk management and more.



85. AFCEA


AFCEA provides its visitors with news on the global security and intelligence sectors.

86. PCmag.


PCMag’s security section provides the most valuable information and the most recent news to its readers.

87. Computer World


It is one of the leading websites in the IT and computer business; it does not, however, neglect cybersecurity news.

88. The Register.


If you are a professional, this is your go-to website for cybersecurity and IT news.

89. Digital Guardian


There are many articles on cybersecurity available on the website already, and each day, they add more news for their readers.

90. Peerlyst.


Peerlyst is trusted by professionals, businesspersons and individuals who have interest in cybersecurity.

91. Global Sign


The blog section on Global Sign is home to several articles about cybersecurity. News is added on a daily basis.

92. Security Boulevard


With over 320 member blogs, Security Boulevard has become home to cybersecurity experts and people interested in the subject.

93. IT Pro Portal


This website has more to offer than news of cybersecurity. It also provides the readers with reviews and several features about the subject.

94. Stay Safe Online.


Stay Safe Online is directly powered by the NCSA and is therefore known for providing the most accurate and fresh news about everything related to cybersecurity.

95. Mashable Cybersecurity.


You have probably heard of Mashable, but did you know they have a cybersecurity section? Now you do, and in it, you will find the most recent news.

96. Hot For Security.


Powered by Bitdefender, Hot for Security is quickly claiming its spot among the top cybersecurity news websites.

97. TechCrunch Security.


TechCrunch needs no introduction. Although they do not post frequently, their security section is one of the most reliable on this list.

98. Malware Bytes


Being the leader in safety and cybersecurity, Malware Bytes Lab provides its readers with an unlimited amount of information and news.

99. Symantec Blog


Symantec specializes in providing cybersecurity services for individuals, companies and even governments. Their blog is news-packed.

100. McAfee Security


There is no doubt you have heard of the name, but have you checked the blog? You will find the latest news and a variety of informative articles.

North Korea Accused by its Southern Counterpart for Cyberattack on Pfizer

CISO MAG | Cyber Security Magazine

North Korea seems to be getting desperate to resolve the COVID-19 crisis even when the country has not yet officially reported any positive cases. Its southern counterpart has accused them of launching a cyberattack against COVID-19 vaccine maker, Pfizer. This is the second attack reported in the past three months; the first being against AstraZeneca.


North Korea Targets Pfizer

North Korea has previously been accused of targeting the then COVID-19 vaccine frontrunner, AstraZeneca, to learn more about its research. The alleged threat actors used social engineering techniques and baited the employees of AstraZeneca with phishing emails containing fake job offers. They hid malicious links and attachments in these emails that led to the download of data-exfiltrating malware. Although the attack was not so successful, it gave impetus to the North to try it on other vaccine makers as well. Thus, taking a cue from its previous campaigns, North Korea has now targeted another vaccine maker, Pfizer.

The accusation has been made by Ha Tae-Keung, a South Korean lawmaker and opposition party member of the parliament. After a security briefing from the National Intelligence Service (NIS), Ha told reporters, “There were attempts to steal COVID vaccine and treatment technology during cyberattacks, and Pfizer was hacked.” The NIS though has remained tight-lipped and only accepted that a record of multiple security incidents was discussed in the security briefing without accepting or rejecting Ha’s claims of Pfizer being compromised. The NIS though did mention that it has successfully averted all attacks from the North directed towards its own COVID vaccine research.

As per Reuters, Pfizer’s offices in Asia and South Korea have not yet commented on Ha’s revelations. However, Ha did provide a picture of the notes he had taken during the briefing, but this is not enough to prove anything as of now, and we will have to sit tight to know more. If it is true, there are two conclusions for the motive behind the attack:

  1. North Korea wants to steal vaccine data and COVID-19 research information to develop its own indigenous vaccine.
  2. They wish to sell this information to another country or organization in exchange for a huge sum to support other activities.

Meanwhile, North Korea is set to receive around two million doses of the AstraZeneca/Oxford University vaccine later this year, via the Covax programme.


DopplePaymer Ransomware Gang Behind Kia Motors IT Outage?

CISO MAG | Cyber Security Magazine

Kia Motors has quickly climbed the sales ladder in the U.S. It has captured the market across the country with its gold-standard product offerings like the Telluride, which is incidentally named the “2020 World Car of the Year.” Kia owes a huge part of this success to its latest technology adaptations. It offers great build quality, but it is the tech on offer that woos its customers: its connected car tech. The ability to interact with your car remotely and enjoy functions like remote start and stop of ignition, climate control, seat warming, and boot opening is stunning. But what happens when this goes down? It is an owner’s nightmare and the company’s embarrassment. This is what Kia is going through right now because the company has announced a nationwide IT outage in the U.S.

Kia IT Outage a Ransomware Attack?

On February 13, several Kia customers complained that they were unable to use Kia’s official UVO mobile application for initiating remote commands.

Later, Kia put out an “IT service outage” note on its website (refer to the image below) to assure its customers that the services would be back soon.

[Image: Kia Motors IT service outage notice. Image credit: KIA Motors America]

However, it has been nearly five days and the services still seem to be down, and some recently surfaced reports suggest that Kia Motors America was attacked by the DopplePaymer ransomware gang. This possibly explains the delay in the restoration of services.

According to the reports, the ransom note was left in the name of Hyundai Motors America, which is the parent company of Kia Motors. However, Hyundai Motors does not seem to be affected by this ransomware attack. The DopplePaymer gang stated that they have stolen “sensitive data” and require a ransom of 404 BTC (equivalent to $20 million) in exchange for the decryption key. The note carries a link to their TOR page, where a countdown timer is set for a deadline which, if not met, increases the ransom amount to 600 BTC.

Speaking exclusively to CISO MAG, Purandar Das, CEO and Co-Founder of Sotero Software, said,

“One more ransomware incident. While the focus is on recovering the stolen data, minimizing customer exposure, and restoring normal operation, as it rightfully should be, companies ought to start revisiting their security approaches.

“There are two parts to this. One, start by making the data useless when stolen. That eliminates a big part of the leverage the criminals have. The data is just as valuable as the operational aspects of the system that are affected. The stolen data also causes long-term damage to innocent consumers who trust organizations to protect their data and privacy.

“Adopting newer encryption technologies, which keep data encrypted even while in use, is a must. Second, enabling secure backups of operational systems with fast recovery paths is another. Layering on more security products is not a viable or scalable solution.”

Don’t Pay the Ransom, It’s Illegal!

Ransomware is a growing plague and currently, there seems to be no antidote to it other than paying. However, paying the ransom is now illegal in the U.S. as per an advisory issued by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC).


California DMV Halts Operations After Vendor Suffers Ransomware Attack

CISO MAG | Cyber Security Magazine

A ransomware attack on a third-party vendor for the California Department of Motor Vehicles (DMV) may have affected users’ sensitive information. DMV stated that Automatic Funds Transfer Services (AFTS), which verifies vehicle registration addresses for local DMV customers, was hit by a cyberattack earlier this month, which may have affected California vehicle registration records of the last 20 months.

The exposed records contain names, addresses, license plate numbers, and vehicle identification numbers (VIN). However, DMV clarified that AFTS does not have access to the customers’ social security numbers, birthdates, voter registration, immigration status, and driver’s license information.

The DMV temporarily halted all data transfers to AFTS and notified the FBI and law enforcement authorities for further investigation of the incident. While there is no evidence that any cybercriminal group has misused the exposed data after the cyberattack, the DMV urged customers to report any suspicious incident.

“Data privacy is a top priority for the DMV. We are investigating this recent data breach of a DMV vendor to quickly provide clarity on how it may impact Californians. We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with,” said DMV Director Steve Gordon.

Not the First Time!

Earlier, information of thousands of drivers was exposed in a data breach after the DMV was hit by a cyberattack that had gone unnoticed for four years. It was found that the social security information of 3,200 driver’s license holders was improperly accessed by federal agencies, including the Department of Homeland Security, Internal Revenue Service, Small Business Administration, and district attorneys in San Diego and Santa Clara counties.


Singtel Data Breach: 129,000 Customers including Former Employees Affected

CISO MAG | Cyber Security Magazine

The Accellion hack might have been overshadowed by the amount of disruption caused by the SolarWinds hack, but it is not lagging by any means when it comes to the reach of the attack. Critical organizations in the U.S., Australia, and New Zealand have already reported being indirectly affected by the Accellion hack, and now joining this list is the Singapore telco giant Singtel. On February 11, the company issued a statement in which it informed all its customers of a security incident through a third-party product, FTA, from Accellion. At the time, the investigation was ongoing, and the extent of the attack was unknown. But now, in its latest statement, the telco giant has confirmed that 129,000 of its customers’ data has indeed been breached.

Timeline of the Singtel Data Breach

Accellion, which first found out about the zero-day vulnerability in mid-December (tentatively December 13, 2020), initiated a patch almost immediately and started rolling it out to all its customers using the legacy FTA file transfer system. However, Singtel was first contacted for a patch only on December 23, 2020.

Following the trail, we have formulated the entire timeline as follows:

  • December 23, 2020: Accellion first informed Singtel of the vulnerability.
  • December 24, 2020: Singtel was provided the first patch which its engineers applied instantaneously.
  • December 27, 2020: Singtel applied the second patch.
  • January 23, 2021: Accellion issued another advisory citing the discovery of a new vulnerability against which the December 27 patch was ineffective. Singtel took down the FTA system instantly.
  • January 30, 2021: Accellion provided another patch to fix the second vulnerability, but an anomaly alert got triggered while Singtel engineers tried to apply it. On checking this alert and running an internal investigation, Accellion informed Singtel that there could have been a possible data breach to their system on January 20.
  • February 9, 2021: The joint investigation found that a certain amount of data was indeed exfiltrated from Singtel’s system.

Who was Affected?

As Singtel is the largest telecom company in Singapore, not just Singaporeans but many foreign nationals who frequent Singapore on a work-basis were skeptical whether they were impacted by this data breach. Based on the investigations and analysis until now, Singtel issued a statement saying that the following data was exfiltrated:

  • Personally Identifiable Information (PII) of approximately 129,000 customers containing National Registration Identity Card (NRIC) and certain combinations of the following information: name, date of birth, mobile number, address.
  • Bank account details of 28 former Singtel employees.
  • Credit card details of 45 corporate customer staff who have Singtel mobile lines.
  • Certain discrete information of 23 enterprises, which include suppliers, partners, and corporate customers.

Singtel is still carrying out a detailed forensic and criminal investigation with the help of cybersecurity experts, the Cyber Security Agency of Singapore (CSA), and the Police. As due diligence, Singtel will be personally informing all affected customers and providing them a free identity monitoring service that will help them counter suspicious activities on the open internet and darknet, using their leaked identities. Additionally, Singtel has already suspended operations of the legacy FTA system whose end of life was announced by Accellion effective from April 30, 2021.

Singtel Fined for Data Breach Previously

Incidentally, while the investigation was going on, the Personal Data Protection Commission (PDPC) of Singapore found Singtel accountable for violating the Personal Data Protection Act for a data breach involving its “My Singtel” mobile app in 2018. The commission has imposed a S$9,000 (US$6479) fine on them.


“Having a universal standard for privacy may not be practically possible”

CISO MAG | Cyber Security Magazine

Anshuman Sharma is a seasoned professional with over 15 years of experience in the field of cybersecurity, leading the Hong Kong & India market for the Investigative Response (VTRAC) practice. He brings unique and vast experience in leading digital forensics and incident response, threat hunting, threat & vulnerability, advisory & security assurance, and PCI DSS compliance. Currently, he is the Principal Consultant, APAC, VTRAC (Verizon Threat Research Advisory Center).

In an exclusive interaction with Augustin Kurian, Senior Feature Writer at CISO MAG, Sharma talks about his journey, the impact of COVID-19 on cybersecurity, the adoption of AI and ML, and the global compliance norms.

Edited excerpts of the interview follow:

AK: You have over 15 years of experience across a wide spectrum of areas spanning information security, cybersecurity, cyber forensics, cyber warfare, risk management, expertise in the SOC and CERT, cloud computing, Big Data, Internet of Things (IoT), MEC, ML, and AI. How has your journey been so far? How has the cybersecurity space evolved in the last 20 years, and how did COVID-19 change the cybersecurity dynamics?

Sharma: My journey in the past 15 years has been fascinating. I need to be on my toes, keeping myself abreast with the latest know-how within the security domain. The security landscape has undergone exponential growth in the past 20 years. For example, two decades ago, organizations were taken by storm with the advent of firewalls. Then came the era of Intrusion Detection and Intrusion Prevention Systems (IDS/IPS).

Moving to the more recent past, with the advent of the Internet of Things (IoT), Artificial intelligence, and Machine Learning (AI & ML), cybersecurity has taken another quantum jump. The threat landscape changed with the advent of the cloud, and the complexity of the threats increased parallelly.

Digital transformation has played a key role in how cybersecurity has changed over the years. We moved from packet-filtering firewalls to next-gen firewalls, which provided other functionalities such as gateway AV controls, web content filtering, and email content filtering.

In the current context, AI and ML are being used for the next-generation preventive and detective solutions such as Endpoint Detection and Response (EDR) at the endpoints; Network Detection and Response (NDR) at the network level, and User Entity Behavior Analytics (UEBA) — all utilizing the power of AI and ML to identify anomalies by first understanding what is normal. The contribution that threat intelligence brings to the table cannot be ignored. Threat intelligence (from Clearnet and Darknet) is providing the necessary ingredients for a threat hunting program in an organization, and it matures with the help of EDR and NDR technologies. Couple that with other recently matured and evolving technologies such as Security Incident and Event Management (SIEM), Deception Technologies, and Security Orchestration, Automation and Response (SOAR). This provides the necessary tools to a cybersecurity professional to thwart most of the cyberattacks and/or helps them in detecting many within a timely fashion. Also, matured organizations have great response plans in place as they know, “it is no more a question of if, but when.”

The COVID-19 pandemic has changed, possibly forever, the way we work. It has caused many organizations to adapt and/or hasten their roadmap towards digital transformation and has resulted in many organizations such as banks, which traditionally have never moved aggressively towards the cloud or even toward providing remote access to the work environment.

When there is change, there exists a potential for confusion, omissions, and mistakes. Cybercriminals are aware of this and will do their best to capitalize on any opportunities that are afforded by them. I do not mean to imply that the cloud and remote technologies mentioned above are inherently less secure. Rather, the concern arises from the fact that due to the conditions the pandemic has created, most organizations are hurriedly adopting them, and they are often forced to do so while relying on fewer resources in terms of both personnel and revenue. When one adds to that dangerous concoction of digital transformation the additional ingredient of large-scale remote work enablement, it can easily spell disaster. The likely factors contributing to the incidents and breaches in the COVID-19 situation include:

  • Increase in error – These error types are typically due to carelessness and/or hurry on the part of a system administrator or regular end-user, which includes misconfiguration, misdelivery, and publishing errors.
  • Stolen credential-related hacking – Our recent research shows that over 80% of breaches within the hacking category are caused by stolen or brute-forced credentials. The majority of the time, these occur via web apps and/or the cloud. Since businesses are forced to lean on Software-as-a-Service (SaaS) platforms more heavily now, we expect this increased reliance to substantially widen the attack surface for bad actors looking for stolen and brute-forced credentials.
  • Asset management and patching – Most of us will agree that making sure that all corporate-owned assets are promptly and consistently patched may be more difficult in the current environment than it has been in the past. However, given the current circumstances in which a large number of employees are being encouraged (or mandated) to work from home, maintaining those newly external workstations for remote access suddenly becomes a much bigger deal.
  • Ransomware likely to rise – Several incidents where the ransomware group was also confirmed to have taken a copy of the data before triggering encryption and posting the data (either partially or entirely) publicly on their website of choice.
  • Impact on the phishing landscape – The surge in remote working due to the pandemic may increase the reliance on mobile phones and tablets. Research from last year’s DBIR report indicates that many users are more likely to click on a malicious link when using a mobile device than a desktop or laptop.
  • The Mind Games – Clearly, COVID-19-related terms are showing up in threat indicators. However, how susceptible people are to them is still an open question. To try to provide an answer, Verizon examined some simulated phishing data provided by a report contributor. Verizon compared emails that contained COVID-19-related terms (such as COVID, Corona, pandemic, Wuhan, SARS, etc.) to those emails that did not contain such references. Based on the data, phishing emails that were related to COVID-19 had a somewhat higher success rate and showed more organizations having far higher click rates, even above 50% in some cases.

AK: CEO frauds are a concern these days. Do you believe the new work from home format has heightened cybersecurity risks on CEOs and those with privileged access?

Sharma: In one of the recent reports, it was mentioned that senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years. One of the factors behind targeting the senior executives is that they have access to the most critical information, and often, they have unrestricted access to such information.

With the new work from home scenario, we expect to see a rise in phishing emails. With the number of executives making use of personal devices for work-related tasks increasing, the risk for compromise becomes greater. So, we may see the number of business email compromise attacks increasing.

AK: When it comes to data security, many times, industries do not know what their critical data is. So, how do you think they can combat it?

Sharma: One of the most important aspects of securing data is being able to answer what sensitive data an organization has (PII, PHI, Payment Data, etc.), where it is stored, processed, and transmitted, who has the access, and what privileges they have, and what it will cost the organization if such data gets leaked. It means that a data classification exercise needs to be carried out.

Organizations are creating massive amounts of data that is both structured and unstructured. The key is to have a sound understanding of business processes and having business process flows to identify the data life cycle — creation, storage, usage, sharing, archiving, and destruction. Having a data classification policy is another important aspect as it identifies any legal and regulatory requirement and setting up of various classification levels. Using an Identity and Access Management Solution (IAM) and Privilege Identity Management (PIM) solution with assigned roles and responsibilities can help in better managing users’ access to data.

Augustin Kurian

About the Interviewer

Augustin Kurian is the Senior Feature Writer and part of the editorial team at CISO MAG and writes interviews and features.


This interview first appeared in the December 2020 issue of CISO MAG.

The post “Having a universal standard for privacy may not be practically possible” appeared first on CISO MAG | Cyber Security Magazine.

This New Security Feature in iOS 14.5 will Enhance User Privacy

CISO MAG | Cyber Security Magazine

Apple has yet again announced a cool new security feature for iPhone users. And it’s said to be the much-awaited one! The upcoming iOS 14.5 security update will have a new feature that will re-route all Safari’s Safe Browsing traffic via Apple-monitored proxy servers to prevent Google from discovering the IP addresses of iOS users. However, the new feature will only work when users activate the “Fraudulent Website Warning” option on the device.

What is Fraudulent Website Warning?

Some websites use third-party content providers to track users across websites to advertise their products and services. The Fraudulent Website Warning option removes and blocks the data that websites use to track users in Safari. When Fraudulent Website Warning is enabled, Safari will display a warning alert if the website you are visiting is a malicious or phishing site. Safari also sends the suspicious website details to Google Safe Browsing to check the website’s legitimacy.

How to Activate Fraudulent Website Warning

You can enable Fraudulent Website Warnings in Safari by going to Settings >> Safari >> sliding the Fraudulent Website Warning switch to On.

Browsing with Google vs. Apple

Google identifies malicious websites by scanning portions of Google’s web index and adds them to its online database if they prove to be suspicious. Apple sends a hashed prefix of the suspected website’s URL to Google Safe Browsing to check if it has been listed in its database. With the latest iOS 14.5 update, Apple users will experience enhanced web security while browsing on Safari.
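The hashed-prefix check described above can be modelled in a few lines. This is an added example, not Apple's or Google's code: the 4-byte prefix size and the host-suffix/path-prefix expansion are assumptions modelled on the public Safe Browsing v4 Update API, URL canonicalization is omitted, the `REMOTE` dictionary stands in for the service, and all hostnames are constructed.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of each SHA-256 digest kept as the "hashed prefix" (assumed size)

def expressions(url):
    """Host-suffix/path-prefix strings to check for one URL (canonicalization omitted)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    hosts = [host]
    # Up to four shorter hosts from the last five labels; the bare TLD is never checked.
    for i in range(max(1, len(labels) - 5), len(labels) - 1):
        hosts.append(".".join(labels[i:]))
    path = parts.path or "/"
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    prefix = "/"
    paths.append(prefix)
    for segment in [s for s in path.split("/") if s][:-1][:3]:
        prefix += segment + "/"
        paths.append(prefix)
    return list(dict.fromkeys(h + p for h in hosts for p in paths))  # ordered, de-duplicated

def digest(expression):
    return hashlib.sha256(expression.encode("utf-8")).digest()

def lookup(url, local_prefixes, remote_full_hashes):
    """Return (verdict, prefixes_sent); remote_full_hashes stands in for the service."""
    sent = []
    for expression in expressions(url):
        full = digest(expression)
        prefix = full[:PREFIX_LEN]
        if prefix not in local_prefixes:
            continue  # no local hit: nothing about this URL leaves the device
        sent.append(prefix)  # only the truncated hash is disclosed, never the URL
        if full in remote_full_hashes.get(prefix, set()):
            return "unsafe", sent
    return "safe", sent

# Constructed sample data: one listed expression plus one prefix that merely collides.
LISTED = digest("phish.example.test/login/")
COLLIDING = digest("docs.example.org/")[:PREFIX_LEN]
REMOTE = {LISTED[:PREFIX_LEN]: {LISTED}, COLLIDING: {b"\x00" * 32}}
LOCAL = set(REMOTE)

if __name__ == "__main__":
    for u in ("http://www.phish.example.test/login/index.html?x=1",
              "https://docs.example.org/guide", "https://news.example.net/"):
        print(u, lookup(u, LOCAL, REMOTE))
```

The second sample URL is safe yet still causes a prefix to be sent; that request carries the client's IP address, which is the piece the article says iOS 14.5 routes through Apple's proxy.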

Recently, Samuel Groß, a security researcher at Google Project Zero, uncovered a new security feature that Apple added in iOS 14 without announcing it. Dubbed “BlastDoor,” the improved sandbox system feature was introduced due to the zero-click exploits that leveraged the Apple iMessage flaw in iOS 13.5.1. Reportedly, the iPhones of 36 Al Jazeera journalists were infected with malware, leaving their devices open to cyber espionage.

The post This New Security Feature in iOS 14.5 will Enhance User Privacy appeared first on CISO MAG | Cyber Security Magazine.

Did Remote Working Make Cybercriminals’ Lives Easy?

CISO MAG | Cyber Security Magazine

With remote work becoming the new normal, organizations globally are getting used to securing work devices virtually. While the entire working community adapted to the new working conditions, cybercriminals also ditched their old tactics and attempted innovative hacking techniques to target the remote workforce.

Adversaries are leveraging specially crafted malware or spyware to infect end-user devices like laptops, smartphones, and Internet of Things (IoT) devices, to pilfer sensitive corporate data. Research from Malwarebytes found a major change in the devices targeted and strategies deployed by threat actors. The 2021 State of Malware Report revealed that the use of tracking applications rose by 565% in 2020, while spyware app detections increased across the same period by 1,055%.

While regular culprits like Adware, Trojans, and cryptocurrency miners declined in 2020, there has been a huge spike in HackTools, Spyware, and other malware designed to compromise and harvest users’ sensitive information.

“In tandem with exploiting fear, cybercriminals sought to gather intelligence about targets. That meant deploying various information-gathering tools through malicious phishing attacks. During this time, threat actors leaned heavily on information stealers, Spyware, and tools that collected information about victims’ systems,” Malwarebytes said.

According to the report, during 2020 cybercriminals focused on:

  • Exploiting public fear of the COVID-19 pandemic.
  • Gathering intelligence through phishing attacks, information stealers, and spyware.
  • Upgrading existing malicious tools like Trickbot and brute force attacks.

Key Takeaways

  • Malware detections on Windows business computers decreased by 24% overall, but detections for HackTools and Spyware on Windows increased dramatically — by 147% and 24%, respectively.
  • Mac detections decreased by 38%, though Mac detections for businesses increased by 31%.
  • Malware accounted for just 1.5% of all Mac detections in 2020 — the rest can be attributed to Potentially Unwanted Programs (PUPs) and Adware.
  • Among the top five threats for both businesses and consumers were the Microsoft Office software cracker KMS, the banking malware Dridex, and Bitcoin Miners; business detections for KMS and Dridex rose by 2,251% and 973%, respectively.
  • Detections for the most notorious business threats Emotet and Trickbot fell this year by 89% and 68% respectively, although the operators behind these threats still pulled off several big attacks in 2020.
  • New ransomware called Egregor came onto the scene in late 2020, deployed in attacks against Ubisoft, K-Mart, Crytek, and Barnes & Noble.

“Malicious actors no longer need to be experts at crafting the whole chain of their attacks. The process can be broken up into chunks and these can be refined and perfected. This leaves malware authors to concentrate on making more effective malware, while malware distributors work to improve their networks, all while still making a profit and running their businesses,” Malwarebytes added.


The post Did Remote Working Make Cybercriminals’ Lives Easy? appeared first on CISO MAG | Cyber Security Magazine.