Week in Review — China-linked hackers and DMARC in the Middle East

A China-linked APT known as "Evasive Panda" orchestrated sophisticated cyber-espionage campaigns by combining watering-hole tactics—compromising legitimate websites to infect visitors—with supply-chain attacks to deliver its modular malware framework, MgBot, which enables downloading additional payloads and data exfiltration. MgBot’s plug‑in architecture allows the actor to spy on …

Week in Review — US gov't pushes memory-safe programming, Cybersecurity Framework 2.0

The National Institute of Standards and Technology (NIST) has revised the book on creating a comprehensive cybersecurity program that aims to help organizations of every size be more secure. Here's where to start putting the changes into action.

Convincing phishing emails, synthetic identities, and deepfakes all have been spotted in …

Week in Review — Firms Face SEC Penalties, AI-Created Patches

The SEC’s new breach-disclosure rules empower regulators to impose steep civil penalties—potentially ranging from hundreds of thousands up to millions of dollars—for publicly traded companies that fail to report “material” cybersecurity incidents in a timely manner. Enforcement tools include injunctions, disgorgement, officer/director bans, and escalating per-violation …

Week in Review: Middle East & Africa CISOs see higher budgets

More than three-quarters of CISOs across the Middle East, Turkey, and Africa are planning to boost their cybersecurity budgets by at least 10% in 2024, pushing total regional investment past $6.5 billion. Driving this growth are escalating cybercrimes — including state-sponsored threats and destructive 'wiper' malware — tighter data regulations, and …

Week in Review: Quishing, Smart Cities, More on Cybersecurity Jobs, and Will We Manage Everything?

Five of my articles were published this week: Four on Dark Reading and another on README.security (which now defaults to Synack's domain, since they own it). Among the major issues, the cybersecurity jobs market is looking less strong, and companies are looking to managed services to simplify security in …
