Saturday, September 7, 2024

US, allies warn of Russian cyber sabotage aimed at disrupting aid to Ukraine - Breaking Defense

US, allies warn of Russian cyber sabotage aimed at disrupting aid to Ukraine  Breaking Defense


http://dlvr.it/TCxlCc

The Cybersecurity Cat-And-Mouse Game - Forbes

The Cybersecurity Cat-And-Mouse Game  Forbes


http://dlvr.it/TCxkxx

Feds Warn on Russian Actors Targeting Critical Infrastructure - Dark Reading

Feds Warn on Russian Actors Targeting Critical Infrastructure  Dark Reading


http://dlvr.it/TCxkZ5

Serve your country through cyber, White House says - TechRadar

Serve your country through cyber, White House says  TechRadar


http://dlvr.it/TCxkGg

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages.

These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com).

Adversaries targeting open-source repositories across


http://dlvr.it/TCxFHS

Friday, September 6, 2024

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution - The Hacker News

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution  The Hacker News


http://dlvr.it/TCvfTM

IBM Executive on Future Cybersecurity: Passkeys, Deepfakes & Quantum Computing - TechRepublic

IBM Executive on Future Cybersecurity: Passkeys, Deepfakes & Quantum Computing  TechRepublic


http://dlvr.it/TCvf6J

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025

The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However,


http://dlvr.it/TCvdZl

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts.
The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1. 
"The plugin suffers from an


http://dlvr.it/TCvFpJ

White House’s new fix for cyber job gaps: Serve the nation in infosec - The Register

White House’s new fix for cyber job gaps: Serve the nation in infosec  The Register


http://dlvr.it/TCtwsf

Thursday, September 5, 2024

Lack of encryption for Columbus' data would be 'significant security oversight,' experts say - The Columbus Dispatch

Lack of encryption for Columbus' data would be 'significant security oversight,' experts say  The Columbus Dispatch


http://dlvr.it/TCs7XC

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos.

The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed


http://dlvr.it/TCrkhw

Critical Cisco Smart Licensing Vulnerabilities Let Attackers Take Over System - CybersecurityNews

Critical Cisco Smart Licensing Vulnerabilities Let Attackers Take Over System  CybersecurityNews


http://dlvr.it/TCrPZM

Palo Alto Networks Acquires IBM's QRadar in $500 Million Deal - CybersecurityNews

Palo Alto Networks Acquires IBM's QRadar in $500 Million Deal  CybersecurityNews


http://dlvr.it/TCrPFq

News alert: INE Security releases a strategies guide for cyber threat preparedness, response capabilities - Security Boulevard

News alert: INE Security releases a strategies guide for cyber threat preparedness, response capabilities  Security Boulevard


http://dlvr.it/TCrNt4

Wednesday, September 4, 2024

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers

Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands.

Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection.

"The improper neutralization of special elements in the


http://dlvr.it/TCpZ4b

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm Clearview AI for violating the General Data Protection Regulation (GDPR) in the European Union (E.U.) by building an "illegal database with billions of photos of faces," including those of Dutch citizens.
"Facial recognition is a highly intrusive technology that you


http://dlvr.it/TCp8Wt

Argus Cyber Security changes name to PlaxidityX - Canadian auto dealer

Argus Cyber Security changes name to PlaxidityX  Canadian auto dealer


http://dlvr.it/TCnpct

Cyber Security Statistics 2024 Facts and Trends That Users Need To Know - Hollywood Gazette

Cyber Security Statistics 2024 Facts and Trends That Users Need To Know  Hollywood Gazette


http://dlvr.it/TCnpHw

Transport for London investigates a cybersecurity incident - iZOOlogic

Transport for London investigates a cybersecurity incident  iZOOlogic


http://dlvr.it/TCnnvy

Tuesday, September 3, 2024

Secrets Exposed: Why Your CISO Should Worry About Slack

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day?
A Single Secret Can Wreak Havoc
Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is


http://dlvr.it/TClVxQ

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said.
The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services,


http://dlvr.it/TCl7Jh

Monday, September 2, 2024

How Phishing Messages Break Through Email Filters - Report - CybersecurityNews

How Phishing Messages Break Through Email Filters - Report  CybersecurityNews


http://dlvr.it/TChtk0

New Latrodectus Attacking Users with Enhanced Capabilities & Evasion Techniques - CybersecurityNews

New Latrodectus Attacking Users with Enhanced Capabilities & Evasion Techniques  CybersecurityNews


http://dlvr.it/TChtT8

Webinar: Learn to Boost Cybersecurity with AI-Powered Vulnerability Management

The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated.
In this high-stakes game, security leaders need every advantage they can get. That's where Artificial Intelligence (AI) comes in. AI isn't just a buzzword; it's a game-changer for vulnerability management.
AI is poised to revolutionize vulnerability


http://dlvr.it/TCht73

Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities

The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware
Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. It also details three important actions to take today to mitigate


http://dlvr.it/TChssw

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware.
"By mimicking the popular 'noblox.js' library, attackers have published dozens of packages designed to steal sensitive data and compromise systems," Checkmarx


http://dlvr.it/TChSbW

Sunday, September 1, 2024

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads.
"The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks," Securonix researchers Den Iuzvyk and Tim Peck said in a new report.
The


http://dlvr.it/TCdqnr

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances.
"The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes,


http://dlvr.it/TCdpJ9

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32

A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts.
Cybersecurity company Huntress attributed the activity to a threat cluster tracked as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is


http://dlvr.it/TCdlBr

Automotive Cyber Security - KPMG Newsroom

Automotive Cyber Security  KPMG Newsroom


http://dlvr.it/TCdXJf

Recognising KPMG's expertise in cyber security and operations at IDC - KPMG Newsroom

Recognising KPMG's expertise in cyber security and operations at IDC  KPMG Newsroom


http://dlvr.it/TCdPgQ

Jackpot! ASU hackers win $2M at Vegas AI competition - ASU News Now

Jackpot! ASU hackers win $2M at Vegas AI competition  ASU News Now http://dlvr.it/TCywBD