Cybersecurity needs AI as much as AI needs cybersecurity - Techzine Europe

Cybersecurity needs AI as much as AI needs cybersecurity  Techzine Europe


http://dlvr.it/TDY1dr

Supply chain cyberattacks threaten healthcare. Here’s how the industry can work together to limit disruption. - Healthcare Dive

Supply chain cyberattacks threaten healthcare. Here’s how the industry can work together to limit disruption.  Healthcare Dive


http://dlvr.it/TDXZ2S

DOD Hosts International Exchange on Shaping Cybersecurity Workforce - Department of Defense

DOD Hosts International Exchange on Shaping Cybersecurity Workforce  Department of Defense


http://dlvr.it/TDXCXz

Ukraine Bans Telegram Use for Government and Military Personnel

Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and critical infrastructure workers, citing national security concerns.
The ban was announced by the National Coordination Centre for Cybersecurity (NCCC) in a post shared on Facebook.
"I have always advocated and advocate for freedom of speech, but the issue of Telegram is


http://dlvr.it/TDWSpP

Cybersecurity Job Market: Experts Weigh in on Hiring Trends and Challenges - ClearanceJobs

Cybersecurity Job Market: Experts Weigh in on Hiring Trends and Challenges  ClearanceJobs


http://dlvr.it/TDWDBD

Bob Turner named Penn State's chief information security officer - Penn State University

Bob Turner named Penn State's chief information security officer  Penn State University


http://dlvr.it/TDWCwk

In wake of Change Healthcare, CrowdStrike outages, health systems look to diversify, strengthen supply chain - Fierce healthcare

In wake of Change Healthcare, CrowdStrike outages, health systems look to diversify, strengthen supply chain  Fierce healthcare


http://dlvr.it/TDVzs5

LinkedIn Addresses User Data Collection for AI Training - Dark Reading

LinkedIn Addresses User Data Collection for AI Training  Dark Reading


http://dlvr.it/TDVb2h

New cybersecurity advisory highlights defense-in-depth strategies - Security Intelligence

New cybersecurity advisory highlights defense-in-depth strategies  Security Intelligence


http://dlvr.it/TDTd8l

Passwordless AND Keyless: The Future of (Privileged) Access Management

In IT environments, some secrets are managed well and some fly under the radar. Here’s a quick checklist of what kinds of secrets companies typically manage, including one type they should manage:

Passwords [x]
TLS certificates [x]
Accounts [x]
SSH keys ???

The secrets listed above are typically secured with privileged access management (PAM) solutions or similar. Yet, most traditional PAM


http://dlvr.it/TDTFzh

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks.
Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, Cisco Talos, and


http://dlvr.it/TDTFnR

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0.
"Path Traversal in the Ivanti CSA before 4.6 Patch


http://dlvr.it/TDSvP0

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress.
"Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials," the cybersecurity company said.
Targets of the emerging threat include plumbing, HVAC (heating,


http://dlvr.it/TDSMWs

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S.
The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832).
"Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494,


http://dlvr.it/TDQzfH

Check Point Software Highlights the Growing Cloud Security Skills Gap and Its Impact on Organizational Defense - APN News

Check Point Software Highlights the Growing Cloud Security Skills Gap and Its Impact on Organizational Defense  APN News


http://dlvr.it/TDQZ4D

The French Company Patrowl Expands in the United Kingdom - Business Wire

The French Company Patrowl Expands in the United Kingdom  Business Wire


http://dlvr.it/TDQYs1

Cybersecurity in the Skies - Avionics International

Cybersecurity in the Skies  Avionics International


http://dlvr.it/TDQYbK

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies.
Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.


http://dlvr.it/TDQ1Fx

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN.
The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which is


http://dlvr.it/TDNfVJ

Threat Actors Forcing Victims Into Entering Login Credentials For Stealing - CybersecurityNews

Threat Actors Forcing Victims Into Entering Login Credentials For Stealing  CybersecurityNews


http://dlvr.it/TDNDPx

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging - The Hacker News

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging  The Hacker News


http://dlvr.it/TDND44

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.
The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.
"A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a


http://dlvr.it/TDMw3t

Data Detection & Response (DDR): Not the Dance Revolution It Claims - Security Boulevard

Data Detection & Response (DDR): Not the Dance Revolution It Claims  Security Boulevard


http://dlvr.it/TDMh5h

Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts

Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months.
"This means that our generative AI models will reflect British culture, history, and idiom, and that UK companies and institutions will be able to utilize the latest technology," the social media


http://dlvr.it/TDLJjj

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution.
The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.
"SolarWinds Access Rights


http://dlvr.it/TDKtWm

History of Cybersecurity: Key Lessons for Today - ITPro Today

History of Cybersecurity: Key Lessons for Today  ITPro Today


http://dlvr.it/TDKMPL

Cybersecurity a top priority for military satellites as threats loom - SpaceNews

Cybersecurity a top priority for military satellites as threats loom  SpaceNews


http://dlvr.it/TDKMH8

NCC Group's new digital identity services: Enhancing cybersecurity and operational efficiency - FinTech Global

NCC Group's new digital identity services: Enhancing cybersecurity and operational efficiency  FinTech Global


http://dlvr.it/TDKM83

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching


http://dlvr.it/TDJ1HL

This Nasty Android Threat Can Steal Your 2FA Security Codes - Forbes

This Nasty Android Threat Can Steal Your 2FA Security Codes  Forbes


http://dlvr.it/TDHcbh

Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Attacks - CybersecurityNews

Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Attacks  CybersecurityNews


http://dlvr.it/TDH7jX

Breaking Through: Cybersecurity Leadership in Small and Medium-Sized Businesses - CEO Insights Asia

Breaking Through: Cybersecurity Leadership in Small and Medium-Sized Businesses  CEO Insights Asia


http://dlvr.it/TDH7bx

Azure API Management Vulnerability Let Users Escalate Privileges - CybersecurityNews

Azure API Management Vulnerability Let Users Escalate Privileges  CybersecurityNews


http://dlvr.it/TDH7TN

TfL requires in-person password resets for 30,000 employees after hack - BleepingComputer

TfL requires in-person password resets for 30,000 employees after hack  BleepingComputer


http://dlvr.it/TDG8wL

Over a Third of Cyberattacks Result in Job Losses - Dark Reading

Over a Third of Cyberattacks Result in Job Losses  Dark Reading


http://dlvr.it/TDFkhg

Aurora High School implements new cybersecurity program - Cleveland 19 News

Aurora High School implements new cybersecurity program  Cleveland 19 News


http://dlvr.it/TDFXZF

Mayor Ginther speaks on cyber attack latest, says it could cost Columbus 'millions' - The CW Columbus

Mayor Ginther speaks on cyber attack latest, says it could cost Columbus 'millions'  The CW Columbus


http://dlvr.it/TDFPSK

Cyberattack compromises and shuts down Highline Public Schools - Security Magazine

Cyberattack compromises and shuts down Highline Public Schools  Security Magazine


http://dlvr.it/TDFPMV

Oracle’s Ellison Promises Big Cyber Threat Reduction With Next-Generation Network, Data Security Offerings - CRN

Oracle’s Ellison Promises Big Cyber Threat Reduction With Next-Generation Network, Data Security Offerings  CRN


http://dlvr.it/TDDZPC

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances.
"An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows


http://dlvr.it/TDD6r0

Cyber Security Council - WashingtonExec

Cyber Security Council  WashingtonExec


http://dlvr.it/TDClg3

Iranian Cyber Group OilRig Launches Sophisticated Malware Attack on Iraqi Government Networks - Iran News Update

Iranian Cyber Group OilRig Launches Sophisticated Malware Attack on Iraqi Government Networks  Iran News Update


http://dlvr.it/TDCZ2b

This Army division just ran cybersecurity for a far-away brigade - ArmyTimes.com

This Army division just ran cybersecurity for a far-away brigade  ArmyTimes.com


http://dlvr.it/TDCYvy

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks.
The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.8) by security researcher Sina Kheirkhah of the Summoning Team, who


http://dlvr.it/TDBcJ2

Mastercard splurges $2.65B on another big cyber purchase – Recorded Future - The Register

Mastercard splurges $2.65B on another big cyber purchase – Recorded Future  The Register


http://dlvr.it/TD9xLR

Mastercard Invests $2.65 Billion In Cybersecurity Firm Recorded Future - Finimize

Mastercard Invests $2.65 Billion In Cybersecurity Firm Recorded Future  Finimize


http://dlvr.it/TD9VbQ

Transport for London confirms customer data stolen in cyberattack - BleepingComputer

Transport for London confirms customer data stolen in cyberattack  BleepingComputer


http://dlvr.it/TD9HzT

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user.
The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0
"An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to


http://dlvr.it/TD92Gt

Realm.Security Emerges from Stealth, Raises $5M to Manage Explosion of Cyber Security Data - GlobeNewswire

Realm.Security Emerges from Stealth, Raises $5M to Manage Explosion of Cyber Security Data  GlobeNewswire


http://dlvr.it/TD8JpB

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily.
The enforcement is expected to come into effect starting October 1, 2024.
"Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide," the


http://dlvr.it/TD7dbM