Aggregator
Boards are being told to rethink their role in cybersecurity
Boards of directors are being told that cybersecurity is now central to business resilience and growth, and that they must engage more directly in the way their organizations manage risk. A new report from Google Cloud’s Office of the CISO lays out three areas where board oversight is becoming especially important: ransomware, cyber-enabled fraud, and the intersection of innovation and cybersecurity. Ransomware is shifting to identity and help desks: the report describes how ransomware attacks …
The post Boards are being told to rethink their role in cybersecurity appeared first on Help Net Security.
JVN: OS command injection vulnerability in Seiko Solutions SkyBridge BASIC MB-A130
Azure AD Client Secret Leak: The Keys to Cloud
CVE-2025-9758 | deepakmisal24 Chemical Inventory Management System up to 1.0 /inventory_form.php chem_name sql injection
CVE-2025-38521 | Linux Kernel up to 6.12.38/6.15.6 Sequence Call pm_runtime_force_suspend state issue (EUVD-2025-25077 / Nessus ID 259988)
CVE-2025-38516 | Linux Kernel up to 6.15.6 pinctrl denial of service (EUVD-2025-25082 / Nessus ID 259986)
CVE-2025-8959 | HashiCorp go-getter up to 1.7.7 link following (EUVD-2025-25049 / Nessus ID 259992)
Cybersecurity signals: Connecting controls and incident outcomes
There is constant pressure on security leaders to decide which controls deserve the most attention and budget. A new study offers evidence on which measures are most closely linked to lower breach risk and how organizations should think about deploying them. Marsh McLennan’s Cyber Risk Intelligence Center (CRIC) analyzed thousands of organizations’ responses to its Cyber Self-Assessment and compared them with claims data. The findings highlight which controls matter most for lowering breach likelihood. Incident …
The post Cybersecurity signals: Connecting controls and incident outcomes appeared first on Help Net Security.
CVE-2025-9569 | Sunnet eHRD CTMS cross site scripting (EUVD-2025-26319)
CVE-2025-9570 | Sunnet eHRD CTMS path traversal
CVE-2025-9568 | Sunnet eHRD CTMS cross site scripting (EUVD-2025-26320)
CVE-2025-9567 | Sunnet eHRD CTMS cross site scripting (EUVD-2025-26321)
Netherlands Confirms Chinese Cyber-Espionage Campaign
The Netherlands has officially disclosed a cyber-espionage campaign linked to China that has impacted critical sectors across the
The post Netherlands Confirms Chinese Cyber-Espionage Campaign appeared first on Penetration Testing Tools.
Convenience vs. Privacy: Can We Have Both?
In this episode, we discuss if the convenience of modern technology compromises our privacy. Inspired by a thought-provoking Reddit post, we explore how everyday actions like saving passwords, enabling location tracking, and using cloud backups put our personal data at risk. Learn about the trade-offs between convenience and privacy, and get tips on using privacy-focused […]
The post Convenience vs. Privacy: Can We Have Both? appeared first on Shared Security Podcast.
The post Convenience vs. Privacy: Can We Have Both? appeared first on Security Boulevard.
GenAI is fueling smarter fraud, but broken teamwork is the real problem
More than 80 percent of large U.S. companies were targeted by socially engineered fraud in the past year, according to Trustmi’s 2025 Socially Engineered Fraud & Risk Report. Nearly half of those organizations reported a direct financial loss, with many incidents costing more than $500,000. The findings show that these attacks are recurring problems that disrupt operations, trigger audits, and shake trust across the business. CISOs who treat fraud as a rare finance problem may …
The post GenAI is fueling smarter fraud, but broken teamwork is the real problem appeared first on Help Net Security.
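Nearly 2,000 IPs simultaneously scan Microsoft RDP authentication servers, possibly linked to back-to-school season
Internet intelligence firm GreyNoise reports that it has recorded a significant surge in scanning activity: nearly 1,971 IP addresses simultaneously probing the authentication portals of Microsoft Remote Desktop Web Access and the RDP Web Client, which suggests a possible coordinated reconnaissance campaign.
The researchers say this is a huge change in the scale of the activity; previously, only 3-5 IP addresses per day were typically observed performing this kind of scanning.
GreyNoise notes that this wave of scanning is testing for timing flaws that can be used to verify usernames, in preparation for subsequent credential-based attacks such as brute forcing or password spraying.
A timing flaw arises when the response time of a system or request unintentionally leaks sensitive information. In this scenario, if there is a subtle time difference between how RDP responds to login attempts with a valid username and with an invalid one, an attacker may be able to infer whether the username is correct.
GreyNoise also mentions that 1,851 of the IP addresses share the same client signature, and about 92% of them have already been flagged as malicious. These IP addresses mainly originate from Brazil and target IP addresses in the United States, which suggests that a single botnet or the same toolset may be carrying out the scanning.
The researchers say the timing of the attack coincides with the US back-to-school season, when schools and universities may be bringing their RDP systems back online. This timing may not be a coincidence.
Unique IP addresses performing Microsoft RDP web client login attacks
August is back-to-school time in the United States, when universities and K-12 schools bring RDP-backed labs and remote access systems back online and add thousands of new accounts. These environments often use predictable username formats (such as student ID numbers, or first name and last name), which makes username attacks more effective. Combined with budget constraints and the priority given to ease of access during enrollment, security exposure may rise sharply.
However, the surge in scanning activity may also mean that a new vulnerability has been discovered, since GreyNoise has previously found that surges in malicious traffic often occur before new vulnerabilities are disclosed.
Windows administrators who manage RDP portals and exposed devices should make sure their accounts are properly protected with multi-factor authentication and, where possible, place these devices behind a VPN.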
Russian-Linked APT29 Makes Another Run at Microsoft Credentials
Amazon researchers disrupted a watering hole campaign by Russian-linked cyberespionage group APT29 designed to use compromised websites to trick users into giving the threat actors access to their Microsoft accounts and data via the tech giant's device code authentication flow.
The post Russian-Linked APT29 Makes Another Run at Microsoft Credentials appeared first on Security Boulevard.