The Cyber Express
Why Companies Are Now Outsourcing IT and Cybersecurity Services
In an era defined by rapid technological advancements and evolving cyber threats, the outsourcing of IT security services has emerged
Security Affairs
UK outsourcing services provider Capita suffered a cyber incident
UK outsourcing services provider Capita confirmed that the outage suffered on Friday was caused by a cyberattack. Capita, the UK outsourcing giant, confirmed that its staff was locked out of their accounts on Friday after a cyber incident. Capita is one of the government’s biggest suppliers, with £6.5bn of public sector contracts, reported The Guardian. […]
CyberSecurity Dive
CISOs aim to balance investments, outsourcing against risks
Cyberattack risk still largely comes down to human error, regardless of how much organizations spend to bolster defense.
DarkReading
'Muddled Libra' Uses Oktapus-Related Smishing to Target Outsourcing Firms
The emerging cyber-threat group is unusually persistent and nimble, bypassing MFA, stealing data, and using compromised environments for downstream customer attacks.
DataBreaches
Sneaky hackers reverse defense mitigations when detected
Bill Toulas reports: A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively...
Security Affairs
Capita warns customers to assume that their data was stolen
UK outsourcing giant Capita is informing customers that their data may have been stolen in the cyberattack that hit the company in early April. In early April, the UK outsourcing giant Capita confirmed that its staff was locked out of their accounts on Friday after a cyber incident. Capita is one of the government’s biggest […]
Bleeping Computer
Capita cyberattack disrupted access to its Microsoft Office 365 apps
British outsourcing services provider Capita announced today that a cyberattack on Friday prevented access to its internal Microsoft Office 365 applications.
Security Affairs
‘Justice Blade’ Hackers are Targeting Saudi Arabia
Threats actors calling themselves Justice Blade targets Saudi Arabia published leaked data from an outsourcing IT vendor. The group of threat actors calling themselves ‘Justice Blade’ published leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working with major enterprises and government agencies in the Kingdom of Saudi Arabia and other countries in […]
ZDNet
Third-party risk management: No one size fits all | ZDNet
Despite predictions in the early days of the pandemic that firms would rein in outsourcing strategies, the third-party ecosystem continues to grow.
Bleeping Computer
Capita warns customers they should assume data was stolen
Business process outsourcing firm Capita is warning customers to assume that their data was stolen in a cyberattack that affected its systems in early April.
Bleeping Computer
Sneaky hackers reverse defense mitigations when detected
A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected.
Bleeping Computer
Capita confirms hackers stole data in recent cyberattack
London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems.
Bleeping Computer
US govt contractor Serco discloses data breach after MoveIT attacks
Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server.
DataBreaches
Monetary Authority of Singapore Sets Out Revised Expectations for Notification of Data Breaches by Licensed Insurers
Rajesh Sreenivasan, Steve Tan, Benjamin Cheong, Lionel Tan, Tanya Tang, Wong Onn Chee, Simon Goh, and Wang Ying Shuang of Rajah & Tann Asia write: On 22...
The Hacker News
[Webinar] When More Is Not Better: Solving Alert Overload
[Webinar] When More Is Not Better: Solving Alert Overload
The Hacker News
Guide: Alert Overload and Handling for Lean IT Security Teams
Guide: Alert Overload and Handling for Lean IT Security Teams
DataBreaches
UK: I was fired for telling ICO of Serco track and trace data breach, claims sacked worker
Gareth Corfield reports: A British coronavirus contact tracer who has said she was sacked from Serco for blowing the whistle on a data breach had part of her...
DataBreaches
Capita IT breach gets worse as Black Basta claims it’s now selling off stolen data
Jessica Lyons Hardcastle reports: Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale...
Infosecurity News
Capita Boss to Step Down Following Cyber Incident
AWS VP Adolfo Hernandez will replace Jon Lewis as CEO
ZDNet
How to avoid being unwillingly drafted as a cyber combatant in the Russia-Ukraine war | ZDNet
With war drums sounding, it's time to take a long hard look at your own security stance.
Infosecurity News
Businesses Increase Cybersecurity as Budgets Surge in 2024
Over two-thirds of IT decision-makers increase cybersecurity budgets in 2024, prioritizing cloud security and incident response as cyber threats escalate
Security Affairs
The Black Basta ransomware gang hit multinational company ABB
Swiss electrification and automation technology giant ABB suffered a Black Basta ransomware attack that impacted its business operations. Swiss multinational company ABB, a leading electrification and automation technology provider, it the last victim of the notorious Black Basta ransomware group. The company has more than 105,000 employees and has $29.4 billion in revenue for 2022. […]
CSO
Consulting firms jump on the Zero Trust bandwagon
Deloitte's new Zero Trust Access service and HCL's collaboration with Palo Alto Networks mark a sustained trend towards offering Zero Trust security services for clients.
DarkReading
Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity
Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.
DarkReading
What Purple Teams Wish Companies Knew
Here are some of the easily avoidable mistakes most companies made last year, gleaned from hundreds of cybersecurity engagements by red and blue teams.
Cyber Security News
Top 10 Best Managed Service Providers (MSP) for CISO, CTO & IT Managers - 2024
Best MSP for CISO, CTO & IT Managers - 1. Perimeter 812. Secureworks 3. IBM 4. Trustwave 5. Wipro 6. Verizon 7. Sophos 8. Symantec.
Cyber Security News
Unlocking The Potential Of Healthcare Through Managed IT Services
In today's rapidly evolving healthcare landscape, the integration of technology into medical practices is not just a luxury but a necessity
CyberScoop
Global network of fake news sites push Chinese propaganda, researchers find
More than 70 bogus sites in North America, Europe, the Middle East and Asia are part of an information operation pushing pro-Beijing messages.
DarkReading
Massive China-Linked Disinformation Campaign Taps PR Firm for Help
A global network of inauthentic news sites present themselves as independent news outlets, offering content favoring China's government and articles critical of the US.
CyberSecurity Dive
Cyber investments on pace to reach $215B in 2024: Gartner
The firm expects security services, the industry’s largest segment, to account for 42% of all spending and rise 11% to $90 billion next year.
The Cyber Express
Play Ransomware Group Lists 17 Victims, 14 US-Based Companies Named
Infamous Play ransomware group has extended its list of victims by adding 17 new names of companies based in the
DarkReading
Looted RIPE Credentials for Sale on the Dark Web
A monitoring exercise identified user details in 716 compromised RIPE NCC accounts, including other valuable credentials belonging to those victims.
CyberSecurity Dive
Threat actors abuse legitimate Microsoft drivers to bypass security
Researchers from Mandiant and SentinelOne say attackers have deployed malware that can allow them to get around security controls.
Cyber Security News
Yellow Pages Hack - Ransomware Gang Leaks Sensitive Data
As per reports, Yellow Pages Group, the Canadian Directory Publisher, has been attacked by the Black Basta Ransomware Group.
SecurityWeek
Size of Early Stage Cyber Deals Continues to Surge: DataTribe
Early stage cyber deals continue to surge in terms of valuation and round size, and cyber may be more resilient to economic conditions compared to other verticals.
PCMag
A Lucrative Scam: Black Basta Ransomware Gang Rakes in $107 Million
The Russian-speaking group has received Bitcoin payments totaling $107 million since 2022, according to a blockchain tracking firm.
Infosecurity News
Outsourcer Capita Claims to Have Contained
Firm has billions of pounds worth of government contracts
Infosecurity News
NHS Cyber-Attack Delays Ambulances
Digital supplier hit by suspected ransomware
Infosecurity News
Black Basta Ransomware Victim Count Tops 500
Affiliates of prolific Black Basta ransomware group have breached over 500 global organizations
Infosecurity News
Services Giant Admits $42m Fallout from Ransomware Attack
Atento case highlights the costs that can stem from serious breaches
The Hacker News
Telcom and BPO Companies Under Attack by SIM Swapping Hackers
Alert: SIM swapping attacks are targeting telecom and BPO companies
The Record
Cyberattack hits three English councils at once, as outsourcer Civica denies blame
The councils for Canterbury, Dover and Thanet in Kent, on England’s southeastern coast, appear to have been impacted by a single incident.
Bleeping Computer
LockBit victim estimates cost of ransomware attack to be $42 million
Atento has published its 2021 financial performance results, which have a massive $42.1 million dent from a ransomware attack the firm suffered in October 2021.
Bleeping Computer
Arms maker Rheinmetall confirms BlackBasta ransomware attack
German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business.
CyberNews
India to generate additional trillion dollars in GDP by 2029 with AI
India’s economy is already the fastest-growing among major nations, and the AI boom could boost GDP growth by an additional 0.9-1.1% each year.
Bleeping Computer
Multinational tech firm ABB hit by Black Basta ransomware attack
Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations.
Infosecurity News
Orange España Breach: Dark Web Flooded With Operator Credentials
Resecurity discovered over 1572 compromised customers from RIPE, APNIC, AFRINIC and LACNIC
Infosecurity News
AI Used to Create Malware, WithSecure Observes
The cybersecurity firm confirms that it has observed AI being used to generate malware
Infosecurity News
Capita: Data Was Taken in March Cyber Incident
IT outsourcer claims customer, employee and supplier info may be at risk
Infosecurity News
New Cloud Data Leak Adds to Capita's Woes
Colchester council says multiple local authorities are impacted
The Hacker News
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024
Small banks are facing big threats in the cyber landscape. With limited resources, how can they protect customer data and assets from sophisticated cy
Infosecurity News
UK Pension Scheme: Members Should Assume Capita Data Theft
USS says 470,000 may be affected
The Hacker News
Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
UNC3944 cyber attackers are leveraging Microsoft Azure Serial Console to gain full administrative access to virtual machines.
The Hacker News
Vice Society Ransomware Attackers Adopt Robust Encryption Methods
Vice Society ransomware group has switched to a new custom payload called 'PolyVice" that uses robust encryption with NTRUEncrypt and ChaCha20-Poly130
Infosecurity News
11 Million Patients Impacted in Healthcare Data Breach
HCA Healthcare said personal data of approximately 11 million patients was published on an online forum
CyberSecurity Dive
MGM, Caesars attacks raise new concerns about social engineering tactics
Multiple threat groups have employed the same criminal tool kit to target vulnerable systems.
Bleeping Computer
Save big on this in-depth ethical hacking course bundle — now just $46
The All-in-One Super-Sized Ethical Hacking Bundle is on sale for just $45.99 (reg. $1098) for a limited time only.
Infosecurity News
Signed Microsoft Drivers Used in Attacks Against Businesses
In some cases, the threat actor's intent was to ultimately provide SIM-swapping services
SecurityWeek
Cybercrime Group Exploiting Old Windows Driver Vulnerability to Bypass Security Products
A cybercrime group tracked as Scattered Spider is exploiting an old vulnerability in Intel Ethernet diagnostics driver for Windows to bypass security products.
CSO
Conti-linked ransomware takes in $107 million in ransoms: Report
A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks.
Cyber Security News
Over 1800 Android and iOS Apps Leaking Hardcoded AWS Credentials
The cybersecurity researchers at Symantec have recently warned of the risks related to poor security practices, pointing out that it found hardcoded credentials for AWS in more than 1,800 Android and iOS applications.
SecurityWeek
Black Basta Ransomware Group Received Over $100 Million From 90 Victims
The Black Basta ransomware group has infected over 300 victims and received more than $100 million in ransom payments.
CyberSecurity Dive
As companies tighten tech spend, demand for cybersecurity services grows
Managed service providers can help fill talent needs and tame costs, but that strategy may require additional risk mitigation.
SecurityWeek
EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems
The EPA has issued an enforcement alert, outlining the steps needed to comply with the Safe Drinking Water Act.
Bleeping Computer
Yellow Pages Canada confirms cyber attack as Black Basta leaks data
Yellow Pages Group, a Canadian directory publisher has confirmed to BleepingComputer that it has been hit by a cyber attack. Black Basta ransomware and extortion gang claims responsibility for the attack and has posted sensitive documents and data over the weekend.
SecurityWeek
Equifax Fined $13.5 Million Over 2017 Data Breach
UK’s financial watchdog FCA imposes a £11 million (approximately $13.5 million) fine to Equifax over the 2017 data breach.
Bleeping Computer
In-House vs. External Pen Testing: Which is Right For Your Organization?
Regular penetration testing is an important step in developing secure web applications. Outpost24 PTaaS solution is an on-demand, pay-as-you-go service that provides access to specialist external pen testers and tools that work as extensions of your in-house SecOps team.
The Record
TV advertising sales giant affected by ransomware attack
Ampersand — co-owned by Comcast Corporation, Charter Communications and Cox Communications — confirmed it had dealt with a ransomware incident but declined to say when the attack occurred or whether a ransom would be paid.
Bleeping Computer
Ascension redirects ambulances after suspected ransomware attack
Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday.
Bleeping Computer
US govt contractor ABB confirms ransomware attack, data theft
Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as "an IT security incident."
CyberSecurity Dive
World Economic Forum officials warn global instability could lead to catastrophic cyber event
A report released at the WEF said top business leaders and security experts fear heightened geopolitical tensions could result in a major attack in the next two years.
Bleeping Computer
Black Basta ransomware made over $100 million from extortion
Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic.
Bleeping Computer
Ukraine says it hacked Russian aviation agency, leaks data
Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector.
The Record
Serbian government reports ‘massive DDoS attack’ amid heightened tensions in Balkans
The Serbian government announced on Saturday that the website and IT infrastructure of its Ministry of Internal Affairs had been hit by several “massive” distributed denial-of-service (DDoS) attacks.
CyberSecurity Dive
Changing cyber insurance guidance from Lloyd’s reflects a market in turmoil
Rising ransomware attacks and higher payout demands have battered the insurance industry, leaving many organizations exposed and vulnerable.
The Record
Ransomware gang threatens Raleigh Housing Authority months after devastating attack
A ransomware gang has started posting sensitive personal information connected to a devastating attack on the Raleigh Housing Authority (RHA) that disrupted the organization for weeks in May.
The Hacker News
Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks
Remember the hacks on Uber, Revolut, & Rockstar Games? Two UK teenagers, part of the infamous LAPSUS$ gang, convicted for high-profile hacks.
SC Magazine
Black Basta’s ransom haul tops $100M in less than 2 years
Analysis reveals 18 of ransomware gang Black Basta’s 300-plus victims were extorted over $1 million each, with one handed over $9 million.
SecurityWeek
EU Court: Google Must Delete Inaccurate Search Info If Asked
Google has to delete search results about people in Europe if they can prove that the information is clearly wrong, the European Union’s top court said Thursday.
Security Affairs
AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web.
Security Affairs
Vice Society ransomware gang is using a custom locker
The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice Society ransomware has been active since June 2021, it is considered […]
Infosecurity News
UK Regulator Fines Equifax £11m for 2017 Data Breach
The UK FCA held Equifax Ltd responsible for failing to protect UK consumer data held by its US-based parent company
Infosecurity News
Leeds Talent Pool Attracts BlueVoyant’s First UK SOC
The proximity of organizations’ headquarters, like Asda’s and NHS England’s, prompted BlueVoyant to choose Leeds as the location for its first UK SOC
The Hacker News
Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
UNC3944 threat actor now turns to ransomware attacks, targeting critical systems. Understand their tactics, and learn how to protect your organization
The Record
Hackers seek to help — and profit from — Iran protests
The safety of censorship evasion assistance offered by some hacker groups is unclear.
ZDNet
Cloud computing security: New guidance aims to keep your data safe from cyberattacks and breaches | ZDNet
More businesses are moving to the cloud - and cyber criminals know on-demand IT can be an easy target if it's not secured properly.
The Record
After Ascension ransomware attack, feds issue alert on Black Basta group
The FBI, CISA and Department of Health and Human Services (HHS) alerted healthcare organizations to the group's activities. A separate report said Black Basta was behind the attack on Ascension healthcare system.
The Hacker News
Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
Beware! Okta warns of social engineering attacks aimed at admin credentials. Threat actors are manipulating multi-factor authentication settings.
Bleeping Computer
Windows Quick Assist abused in Black Basta ransomware attacks
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.
SecurityWeek
Security Firms Warn Microsoft of Signed Drivers Used to Kill EDR, AV Processes
Several cybersecurity firms have warned Microsoft that cybercriminals have been using signed malicious drivers to kill antivirus and EDR processes.
Security Affairs
Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog Apple addressed two actively exploited zero-day flaws MSI confirms security breach after Money Message ransomware attack […]
Ars Technica
Microsoft EU cloud revisions just so happen to exclude Google, Amazon
Move to appease EU partners bars running MS apps on competitors' infrastructure.
CSO
Ballooning growth of digital identities exposing organizations to greater cybersecurity risk
New enterprise initiatives are driving up the number of human and digital identities, increasing security risks.
Bleeping Computer
CISA: Black Basta ransomware breached over 500 orgs worldwide
CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.
DataBreaches
Equifax’s U.K. Arm Fined Over 2017 Data Breach
Margot Patrick reports: Equifax’s (EFX) U.K. arm was fined around $13.6 million Friday for failing to protect the data of millions of British customers in...
Bleeping Computer
Vice Society ransomware gang switches to new custom encryptor
The Vice Society ransomware operation has switched to using a custom ransomware encrypt that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305.
The Hacker News
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware
New research reveals how the zero-day financial criminal group Scattered Spider leverages sophisticated phishing, SIM swapping, and help desk fraud ta
ZDNet
Hackers are using this old trick to dodge security protections
CVE-2015-2291 is a years-old security vulnerability - but cyber criminals are still able to take advantage of unpatched systems to compromise networks.
Bleeping Computer
Toronto Public Library confirms data stolen in ransomware attack
The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack.
Security Affairs
Industrial automation giant ABB disclosed data breach after ransomware attack
Swiss electrification and automation technology giant ABB confirmed it has suffered a data breach after a ransomware attack. ABB has more than 105,000 employees and has $29.4 billion in revenue for 2022. On May 7, 2023, the Swiss multinational company, leading electrification and automation technology provider, suffered a cyber attack that reportedly impacted its business operations. […]
Loading more articles....