107Articles
8Categories
2023-09-25Date
🚨 CISA KEV 2[−]
25 Sep KEVFaster Patching Pace Validates CISA’s KEV Catalog InitiativeThe Known Exploited Vulnerabilities (KEV) Catalog maintained by the US cybersecurity agency CISA has led to significant improvements in federal agencies’ patching efforts, with more than 1,000 vulnerabilities now included in the list.SECURITYWEEK.COM
25 Sep KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-41991 Apple Multiple Products Improper Certificate Validation Vulnerability CVE-2023-41992 Apple Multiple Products Kernel Privilege Escalat…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
25 SepBIND DNS System Flaws Let Attackers Launch DoS AttacksIn a recent disclosure, BIND 9, a widely-used DNS (Domain Name System) server software, has been found vulnerable to two critical security flaws, labeled CVE-2023-4236 and CVE-2023-3341. These vulnerabilities, if exploited, could have serious consequences, making it imperative fo…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 24[−]
25 SepThe Shocking Data on Kia and Hyundai Thefts in the USsubmitted by c0mmando to netsec 2 points | 0 comments https://web.archive.org/web/20230924034307/https://www.wired.com/story/kia-hyundai-car-thefts-us-security-roundup/ Kia and Hyundai cars have been plagued for years by vulnerabilities—and simply missing protective features—in t…WEB.ARCHIVE.ORG
25 SepUpdate: T-Mobile Denies Rumors of a Breach Affecting Employee DataThe stolen data, believed to be from an authorized retailer called Connectivity Source, includes employee IDs, login information, Social Security numbers, and service account details.THERECORD.MEDIA
25 SepNew Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator SpywareApple recently addressed three zero-day vulnerabilities that were used as part of an iPhone exploit chain in an attempt to deliver spyware called Predator to former Egyptian member of parliament Ahmed Eltantawy.THEHACKERNEWS.COM
25 SepNew Zealand University Operating Despite CyberattackDespite a cyberattack on Auckland University of Technology, the university has been able to continue normal operations with minimal disruption. The Monti ransomware gang claimed responsibility for the attack and demanded an undisclosed ransom.THERECORD.MEDIA
25 SepHow to pick the best endpoint detection and response solutionEndpoint detection and response (EDR) security software has grown in popularity and effectiveness as it allows security teams to quickly detect and respond to threats. EDR software offers visibility into endpoint activity in real time, continuously detecting and responding to att…CSOONLINE.COM
25 SepIn-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server TakeoverA critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers. The post In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover appeared first on SecurityWeek .SECURITYWEEK.COM
25 SepPredator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM AttacksPredator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks. The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
25 SepFrom Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and TaiwaneseTibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated by a threat actor codenamed EvilBamboo to gather sensitive information. "The attacker has created fake Tibetan websites, along with social media profiles, likely use…THEHACKERNEWS.COM
25 SepNational Student Clearinghouse Discloses Data Breach Impacting 890 SchoolsThe data breach was caused by the Clop ransomware gang, who exploited a zero-day security flaw in the MOVEit Transfer platform and began extorting organizations that were targeted.BLEEPINGCOMPUTER.COM
25 SepInsecure URL handler (Electron) in iRacing leading to RCE in the client - bug discovery and exploitsubmitted by L4s to secops 1 points | 0 comments https://blog.ss23.geek.nz/2023/09/21/iracing-electron-rce-exploit.html Insecure URL handler (Electron) in iRacing leading to RCE in the client - bug discovery and exploit::I’ve recently been looking into iRacing, which is an online…SS23.GEEK.NZ
25 SepNY College Forced to Invest $3.5 Million in Cybersecurity After Breach Affecting 200,000New York state attorney general has reached an agreement with Marymount Manhattan College (MMC) following a data breach in 2021. The college will invest $3.5 million into cybersecurity to address the deficiencies exposed during the ransomware attack.THERECORD.MEDIA
25 SepChinese state actors behind espionage attacks on Southeast Asian governmentA series of attacks targeting a Southeast Asian government has been found to be carried out by distinct threat actors affiliated with Chinese interests, according to Unit 42, the Palo Alto research arm closely studying the attacks. Initially thought to be carried out by a single …CSOONLINE.COM
25 SepEvilBamboo Targets Tibetans, Uyghurs, and Taiwanese People and Organizations"The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy browser-based exploits against targeted users," Volexity security researchers said in a report published last week.THEHACKERNEWS.COM
25 SepMixin Network suspends operations following $200 million hackMixin Network, an open-source, peer-to-peer transactional network for digital assets, has announced today on Twitter that deposits and withdrawals are suspended effective immediately due to a $200 million hack the platform suffered on Saturday. [...]BLEEPINGCOMPUTER.COM
25 SepUkrainian Military Targeted in Phishing Campaign Leveraging Drone ManualsUkrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian mil…THEHACKERNEWS.COM
25 SepOrganizations Starting to Understand the Impact of Ransomware, But Their Efforts Not Enough to Overcome Infostealer MalwareRecent findings in a SpyCloud report shows companies are starting to recognize and shift their priorities to defend against ransomware attacks, but the use of infostealer malware still has a high success rate for cybercriminals.KNOWBE4.COM
25 SepUkrainian Military Targeted in Phishing Campaign Leveraging Drone ManualsUkrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin.THEHACKERNEWS.COM
25 SepStop Executive & Employee PII Exposure on the Public Web. - Reuben Moretz - ISW23 #1Each employee serves as a potential gateway to their organization, and the personal information of your workforce is readily accessible and exposed on the internet, making the organization susceptible to threats. DeleteMe is the solution that locates and eliminates personal data …YOUTUBE.COM
25 SepIncomplete Disclosures by Apple and Google Create “Huge Blindspot” for Zero-Day HuntersGoogle's limited disclosure and the separate CVE designations for the vulnerability by Apple, Google, and Citizen Lab have hindered the detection and patching of the critical vulnerability in other software relying on libwebp.ARSTECHNICA.COM
25 SepWeaponizing Asset Intelligence: Defending Against Bad Actors - Brian Contos - ISW23 #1As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move…YOUTUBE.COM
25 SepOver 400K Buckets and 10.4B Files Are Public Due to Cloud Misconfigurationssubmitted by L4s to secops 1 points | 0 comments https://socradar.io/over-400k-buckets-and-104b-files-are-public-due-to-cloud-misconfigurations/ Over 400K Buckets and 10.4B Files Are Public Due to Cloud Misconfigurations::Using the open source programs/platform, anyone can scan m…SOCRADAR.IO
25 SepBermuda Struggles to Recover From CyberattackBermuda Premier Attributes the Incident to 'Russia-Based' Attackers Bermuda government workers Monday remained cut off from email and normal telephone systems following a hacking incident disclosed late last week. Bermuda Premier David Burt on Thursday attributed the hack to "Rus…DATABREACHTODAY.CO.UK
25 SepDHS unveils one common platform for reporting cyber incidentsLast week, the US Department of Homeland Security (DHS) released a report titled the Harmonization of Cyber Incident Reporting to the Federal Government , that lays out a working template for how the Cybersecurity and Infrastructure Security Agency (CISA) might implement its upco…CSOONLINE.COM
📢 SECURITY ADVISORIES 10[−]
25 SepCISA Urges Use of Memory Safe Code in Software DevelopmentThe Cybersecurity and Infrastructure Security Agency is urging the software industry to embrace the use of memory safe programming languages as part of a wider effort to eliminate security vulnerabilities in code.CYBERSECURITYDIVE.COM
25 SepAre You Willing to Pay the High Cost of Compromised Credentials?Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them? 83% of compromised passwords would satisfy the password complexity and length requirements of compliance standards. That’s because bad ac…THEHACKERNEWS.COM
25 SepCISA and NFL Collaborate to Secure Super Bowl LVIIIThe US Cybersecurity and Infrastructure Security Agency (CISA) and the NFL conducted a cybersecurity tabletop exercise to assess and improve response capabilities for potential cyber-attacks during Super Bowl LVIII.INFOSECURITY-MAGAZINE.COM
25 SepHow Will SEC Rules Affect Reporting, Tracking of Incidents?TrustedSec's Alex Hamerstone on New US Securities and Exchange Commission Rules Under new U.S. Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. Alex Ha…DATABREACHTODAY.CO.UK
25 SepWatchGuard Announces its Acquisition of CyGlassThe acquisition will offer WatchGuard's partners and customers access to cutting-edge security solutions, improved XDR insights, and simplified compliance with regulatory and cyber-insurance requirements.ITWIRE.COM
25 SepPolish Privacy Regulator Probes OpenAI's ChatGPTAgency Is the Latest in a String of European Regulators to Scrutinize the LLM The Polish data regulator launched a probe into OpenAI's ChatGPT for potential privacy violations of the European General Data Protection Regulation. The Polish regulator is the third European data prot…DATABREACHTODAY.CO.UK
25 SepNew SEC cybersecurity disclosure rules: What you need to know to stay in complianceThe SEC requires companies to report both material cybersecurity incidents and cybersecurity risk management processes in a standardized way.TECHCRUNCH.COM
🔥 INCIDENT REPORTING 23[−]
25 SepLockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in First Half of 2023In the first half of 2023, small businesses were the most targeted victims of LockBit and BlackCat, while large enterprises were the primary targets of Clop ransomware attacks.TRENDMICRO.COM
25 SepHidden Dangers Loom for Subsea Cables, the Invisible Infrastructure of the InternetSubsea cables are a critical component of the global internet infrastructure, and protecting them from accidental damage, natural phenomena, physical attacks, and cyberattacks is crucial.HELPNETSECURITY.COM
25 SepCyber Security Today, Sept. 25, 2023 - Hackers from India say they are targeting Canadian web sitesThis episode reports on a retaliation threat against Canadian websites, the impact of the Dallas ransomware attack, and moreCYBERSECURITYTODAY.LIBSYN.COM
25 SepUpdate: Nova Scotia Says All Victims of MOVEit Breach Have Been NotifiedThe security incident highlights the time-consuming process of analyzing stolen data and notifying affected individuals, emphasizing the need for improved cybersecurity measures.THERECORD.MEDIA
25 SepGUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurityIf you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. Related: SMBs too often pay ransom Small businesses, including nonprofit … (more…)LASTWATCHDOG.COM
25 SepT-Mobile data breach exposes personal customer informationCustomer payment information and purchase history was visible to other customersCSHUB.COM
25 SepCity of Dallas Details Ransomware Attack Impact, CostsCity of Dallas has approved an $8.5 million budget to restore systems following a Royal ransomware attack in May 2023. The post City of Dallas Details Ransomware Attack Impact, Costs appeared first on SecurityWeek .SECURITYWEEK.COM
25 SepCyber Insurance Claims Spiked in First Half of 2023 as Ransomware Attacks Surged: ReportLarge companies with over $100 million in revenues have been particularly targeted, experiencing a rise in both the frequency and severity of cyber incidents. Funds transfer fraud has also become a prevalent issue.THERECORD.MEDIA
25 SepAre you ready to build your organization’s digital trust?As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges fro…SECURITYINTELLIGENCE.COM
25 SepNew Modular Deadglyph Backdoor Used in a Government AttackSecurity researchers have identified a highly advanced modular backdoor, named Deadglyph, believed to be linked to the Stealth Falcon cyber espionage group. It was discovered during an investigation into a cyberespionage incident in the Middle East. Organizations are advised…CYWARE.COM
25 SepNew Wave of Hospitality Phishing Attacks: Compromise User Credentials, Then Go PhishThe hospitality sector is seeing a new wave of phishing attacks. These new attacks are more plausible because they begin with compromised credentials and move to fraudulent emails sent from within a trusted network. The compromised systems are legitimate booking sites; the victim…KNOWBE4.COM
25 SepData Breach Toll Tied to Clop Group's MOVEit Attacks Surges2,050 Organizations Affected After Data Stolen From Secure File-Sharing Software The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse wa…DATABREACHTODAY.CO.UK
25 SepAlmost 900 US Schools Breached Via MOVEitsubmitted by throws_lemy to cybersecurity 1 points | 1 comments https://www.infosecurity-magazine.com/news/us-900-schools-breached-moveit/INFOSECURITY-MAGAZINE.COM
25 SepHong Kong-Based Cryptocurrency Firm Mixin Says Hackers Stole $200 Million in AssetsThe incident follows a recent trend of cryptocurrency hacks, with North Korean hackers being suspected in multiple attacks, highlighting the growing threat posed by cybercriminals targeting the industry.THERECORD.MEDIA
25 SepAverage Insider Cyberthreat Cost Spikes 40% in Four Years: ReportContainment and remediation after an insider incident are the most expensive areas, with an average cost of $179,209 and $125,221 per incident respectively, and the average time to contain an incident has increased to 86 days.CYBERSECURITYDIVE.COM
25 SepDecade of newborn child registry data stolen in MOVEit mass-hackOntario’s government-funded birth registry has confirmed a data breach affecting some 3.4 million people who sought pregnancy care, including the personal health data of close to two million newborns and children across the Canadian province. BORN Ontario said in a statemen…TECHCRUNCH.COM
25 SepHackers steal $200 million from crypto company MixinHong Kong-based crypto company Mixin announced on Sunday that it was breached and that the hackers stole around $200 million. “In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resultin…TECHCRUNCH.COM
25 SepPersonal Data of 25,000 Hongkongers at Risk After Cyberattack Against Consumer CouncilThe council has restored its computer systems but anticipates delays in addressing complaints, and is taking extra precautions by notifying individuals who may have been affected by the data leak.SCMP.COM
25 SepBORN Ontario child registry data breach affects 3.4 million peopleThe Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree. [...]BLEEPINGCOMPUTER.COM
25 SepCommonSpirit Details Financial Fallout of $160M CyberattackNo Word Yet on Hospital Chain's Cyber Insurance Claim, Multiple Lawsuits Pending Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" ha…DATABREACHTODAY.CO.UK
25 SepT-Mobile US exposes some customer data, but don't say breachsubmitted by throws_lemy to cybersecurity 3 points | 0 comments https://www.theregister.com/2023/09/25/tmobile_exposes_some_customer_data/THEREGISTER.COM
🕵️ THREAT INTELLIGENCE 28[−]
25 SepISC Stormcast For Monday, September 25th, 2023 https://isc.sans.edu/podcastdetail/8672, (Mon, Sep 25th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
25 SepOuter Space and Juicy Mix: OilRig Campaigns Targeting Israeli OrganizationsESET revealed details on two cyberespionage campaigns conducted by the OilRig APT group against Israeli organizations, using spear-phishing emails. The Outer Space campaign utilized the Solar backdoor and the SC5k downloader, while the Juicy Mix campaign featured the Mango backdo…CYWARE.COM
25 SepOilRig: Never-seen C#/.NET Backdoor to Attack Wide Range of IndustriesOilRig (APT34) is an Iranian cyberespionage group active since 2014, targeting Middle Eastern governments and various industries like:- OilRig launched DNSpionage in 2018-2019 against Lebanon and the UAE, followed by the 2019-2020 HardPass campaign using LinkedIn for energy and g…GBHACKERS.COM
25 SepNew Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian GovernmentAn unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the sam…THEHACKERNEWS.COM
25 SepGelsemium APT Suspected Behind an Attack on Southeast Asian GovernmentA recent report by Palo Alto Networks Unit42 researchers reveals that a stealthy APT group known as Gelsemium likely targeted a Southeast Asian government between 2022 and 2023.SECURITYAFFAIRS.COM
25 SepMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
25 SepStealth Falcon APT Preying Over Middle Eastern Skies With DeadglyphThe backdoor does not have traditional commands implemented; instead, it dynamically receives commands from a command and control server in the form of additional modules.WELIVESECURITY.COM
25 SepTools From Cybercrime Software Vendor W3LL Found to be Behind the Compromise of 56K Microsoft 365 AccountsA new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years.KNOWBE4.COM
25 SepMFA Defenses Fall Victim to New Phishing-As-A-Service OfferingsZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication .KNOWBE4.COM
25 Sep900 US Schools Impacted by MOVEit Hack at National Student ClearinghouseNearly 900 US schools are impacted by the MOVEit hack at the educational nonprofit National Student Clearinghouse. The post 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse appeared first on SecurityWeek .SECURITYWEEK.COM
25 SepCybercriminals Use Google Looker Studio to Host Crypto Scam to Steal Money and CredentialsSecurity researchers at Check Point have discovered yet another attack that leverages legitimate web applications to host attacks in order to bypass security scanners.KNOWBE4.COM
25 Sep[NEW RELEASE]: Unleash the Power of Cybersecurity Education with KnowBe4’s 'Hack-A-Cat' on RobloxWhat do cheese, fish and cybersecurity training have in common?  Each of these comes together to help keep kids informed about cyber threats and cybersecurity best practices with KnowBe4’s first ever entry into the Roblox gaming platform: Hack-A-Cat!KNOWBE4.COM
25 SepPython Malware Targets Tatar-Language Users: TA866 Threat Actor Strikes AgainThe threat actor behind this campaign is the TA866 group, known for targeting Tatar language speakers. The attackers use phishing emails with a malicious RAR file that contains a video file and a Python-based executable disguised as an image file.THECYBEREXPRESS.COM
25 SepStealthy APT Gelsemium Seen Targeting Southeast Asian GovernmentA stealthy APT known as Gelsemium has been observed targeting a government entity in Southeast Asia for persistence and intelligence collection. The post Stealthy APT Gelsemium Seen Targeting Southeast Asian Government appeared first on SecurityWeek .SECURITYWEEK.COM
25 SepNigerian Pleads Guilty in US to Million-Dollar BEC Scheme RoleKosi Goodness Simon-Ebo, a Nigerian national, pleaded guilty in a US court to his involvement in a million-dollar BEC fraud scheme. The post Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role appeared first on SecurityWeek .SECURITYWEEK.COM
25 SepInfoSec World 2023 - Day 1Show Notes: https://securityweekly.com/isw231YOUTUBE.COM
25 Sep“The good and the bad that comes with the growth of AI” – watch this series of webinars with Abnormal, OpenAI, and othersGraham Cluley Security News is sponsored this week by the folks at Abnormal. Thanks to the great team there for their support! AI and cybersecurity are colliding now more than ever. The positive power of AI is apparent with increased efficiency, cost savings, and more. Unfortunat…GRAHAMCLULEY.COM
25 SepOur data is our biggest asset, however most organizations do not know where it is! - T... - ISW23 #1With all of the fancy tools, equipment, and logos most organizations are unable to understand where their data is and how it can be accessed. In the world of work from wherever and whenever orgs need a better handle on what this means. Ridge has worked to curate a set of solution…YOUTUBE.COM
25 SepHow to Overcome Practitioner Concerns Over Cisco-Splunk DealForrester's Allie Mellen on Issues Posed by Cisco's M&A Track Record, Splunk's Cost Security practitioners are skeptical of Cisco's proposed $28 billion Splunk purchase given the networking giant's track record around funding and investing in previous acquisition targets. For…DATABREACHTODAY.CO.UK
25 SepAn Identity Thief Explains the Art of Emptying Your Bank Accountsubmitted by Voyager to cybersecurity 0 points | 0 comments https://www.bloomberg.com/news/articles/2015-07-15/an-identity-thief-explains-the-art-of-emptying-your-bank-account?BLOOMBERG.COM
25 SepAvoiding Negative Value, Feedback-Driven Culture, & Don't Buy Too Many Security Tools - BSW #321This week in the leadership and communications section: building a feedback-driven culture, letting go of the reins, 25 hard-hitting lessons from 17 years in cybersecurity, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securit…YOUTUBE.COM
25 SepHuman Risk Management at Western Governors University - Jake Wilson - BSW #321In this episode, we interview Jake Wilson, Western Governor University's Security Awareness Evangelist. We'll learn about how he built up and matured WGU's security awareness program, eliminating blind spots, and improving efficacy through data analysis and better reporting. This…YOUTUBE.COM
25 SepGovernor at Fed Cautiously Optimistic About Generative AILisa D. Cook Foresees 'Broad Benefits' If We Address the 'Very Real Concerns' Federal Reserve Board Governor Lisa D. Cook is cautiously optimistic about the impact of generative AI on jobs and productivity but urged the industry to address the "very real concerns." While she sees…DATABREACHTODAY.CO.UK
25 SepDeadglyph Backdoor Targeting Middle Eastern GovernmentBackdoor Is Associated With Stealth Falcon APT Group Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages:…DATABREACHTODAY.CO.UK
25 SepCyberArk, BeyondTrust, Delinea Dominate Gartner MQ for PAMOne Identity, Wallix, Arcon Exit Leaders Space as Privileged Access Market Matures CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past h…DATABREACHTODAY.CO.UK
25 SepNews | The Right Skills For The Job - PSW8006:00pm ET - Security News 8:00pm ET - Kayla Williams This week, we start things off with our Security news for the week. Then we follow up with a pre-recorded interview with Kayla Williams, CISO at Devo Technology, Inc., disciussing The Right Skills For The Job. →Full Show Notes:…YOUTUBE.COM
25 SepSaaS Security in the Golden Age | Security's Role in Edge Computing | Enterprise News - ESW333This week, we kick things off with and interview with Yoni Shohet, Co-Founder & CEO at Valence Security, about SaaS Security in the Golden Age of SaaS . Then we discuss Security's Role in Edge Computing Today, with Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Cy…YOUTUBE.COM
25 SepNarcBots | Blacktech | ZenRat | Chrome | CISOs | Privacy | Aaran Leyland & more – SWN329This week, Doug Talks: NarcBots, Blacktech, ZenRat, Chrome, CISOs, Privacy, Aaran Leyland, and more on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn329 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: https://ww…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
25 SepNew BBTok Banking Trojan Versions Target 40 LATAM BanksCheck Point researchers have uncovered a new variant of the BBTok banking trojan, which focuses its attacks on users of more than 40 banks in Latin America, with a primary focus on Brazil and Mexico. The attack strategies differ between Windows 7 and Windows 10 systems. Banking o…CYWARE.COM
25 SepSANS Survey Shows Drop in 2023 ICS/OT Security BudgetsThe budgets allocated for the security of industrial control systems (ICS) and operational technology (OT) have decreased in 2023 compared to the previous year, with over 21% of organizations reporting not having a cybersecurity budget at all.SECURITYWEEK.COM
25 SepXenomorph Malware Returns to Strike Customers of Over 30 American BanksThe Xenomorph malware family, known for its advanced capabilities and distribution campaigns, has resurfaced with new overlays targeting institutions and crypto wallets in the United States and Portugal.THREATFABRIC.COM
25 SepXenomorph Android malware now targets U.S. banks and crypto walletsSecurity researchers discovered a new campaign that distributes a new version of the Xenomorph malware to Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 15[−]
25 SepGithub Passkeys Generally Available for Passwordless Sign-InsThe adoption of passkeys by GitHub, Microsoft, and Google, among other technology giants, demonstrates a growing trend toward using passkeys for secure authentication across platforms.BLEEPINGCOMPUTER.COM
25 SepCato Networks Raises $238M on $3B Valuation to Move UpmarketCato Networks has secured a $238 million equity investment to enhance its SASE platform by integrating CASB and DLP capabilities, catering to the needs of large enterprises.BANKINFOSECURITY.COM
25 SepUK Security Agency Publishes New Cryptographic DesignsThese designs aim to mitigate risks caused by accidental misuse of cryptography, ensuring cryptographic security is maintained even in the event of significant human error.INFOSECURITY-MAGAZINE.COM
25 SepWatch the Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered RisksGenerative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand. On the other end of this fencing match…THEHACKERNEWS.COM
25 SepHow to protect your child's privacy when using social networks and IMs | Kaspersky official blogKids at school: how to ensure privacy and security in their social networking?KASPERSKY.COM
25 SepiOS 17 update secretly changed your privacy settings; here’s how to set them backMany iPhone users who upgraded their iPhones to the recently-released iOS 17 will be alarmed to hear that they may have actually downgraded their security and privacy. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
25 SepNigerian Man Pleads Guilty to Attempted $6 Million BEC Email HeistKosi Goodness Simon-Ebo, a Nigerian national, pleaded guilty to wire fraud and money laundering through business email compromise (BEC) schemes, resulting in millions of dollars in losses.BLEEPINGCOMPUTER.COM
25 SepFake Celebrity Photo Leak Videos Flood TikTok With Temu Referral CodesScammers have started creating videos implying leaked sensitive photos of celebrities and urging viewers to download the Temu app and enter their referral number to view the content. These scams have been targeting multiple celebrities.BLEEPINGCOMPUTER.COM
25 SepFor Security to Benefit From AI, Companies Need to Shore up Their DataCISOs and cybersecurity practitioners should focus on addressing the challenges of data structure, management, and curation to fully leverage the benefits of AI for cyber defense.CYBERSECURITYDIVE.COM
25 SepGoogle is retiring its Gmail Basic HTML view in January 2024Google is notifying Gmail users that the webmail's Basic HTML view will be deprecated in January 2024, and users will require modern browsers to continue using the service. [...]BLEEPINGCOMPUTER.COM
25 SepJourney Down Under: How Rocco Became Australia’s Premier HackerFun facts about Rocco: Microsoft MVR: Rocco is a 2023 Microsoft Most Valuable Researcher. Fitness fanatic: Inspired by old-school body building and countless hours of chopping and carrying wood in the mountains during his youth, Rocco remains a fitness enthusiast, setting himself…MSRC.MICROSOFT.COM
25 SepSensor Intel Series: Top CVEs in August 2023A few formerly popular CVEs fell in traffic in August, leaving an old router vuln to resume its normal position at the top. Plus seven new CVEs added to the list of signatures.F5.COM
25 SepSensor Intel Series: Top CVEs in August 2023A few formerly popular CVEs fell in traffic in August, leaving an old router vuln to resume its normal position at the top. Plus seven new CVEs added to the list of signatures.F5.COM