104Articles
7Categories
2023-10-24Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
24 OctCisco patches IOS XE vulnerabilities actively being exploitedCisco has released fixes to address two vulnerabilities - CVE-2023-20198 and CVE-2023-20273 - that hackers exploited to compromise tens of thousands of IOS XE devices . CVE-2023-20198 could allow a remote, unauthenticated attacker to create an account on an affected system with p…CSOONLINE.COM
24 OctCVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Filessubmitted by L4s to secops 1 points | 0 comments https://www.shielder.com/blog/2023/10/cve-2023-33466-exploiting-healthcare-servers-with-polyglot-files/ CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files::A recently disclosed CVE for the Orthanc DICOM server can b…SHIELDER.COM
24 OctVMware Warns Admins of Public Exploit for RCE Flaw in Aria Operations for LogsThe vulnerability (CVE-2023-34051) requires the attacker to compromise a host within the targeted environment and have permissions to add an extra interface or static IP address.BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 29[−]
24 OctOperation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day AttacksThe TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The findings come from Kaspersky, which detai…THEHACKERNEWS.COM
24 OctBackdoor Implant on Hacked Cisco Devices Modified to Evade DetectionThe backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. "Investigated network traffic to a compromised device has shown that the threat …THEHACKERNEWS.COM
24 OctOpen Source Security: Trends and Predictions for 2024Open source security refers to the practice of ensuring that open source software (OSS) is free from vulnerabilities that malicious actors could exploit. It involves auditing the code of open-source software, identifying and patching vulnerabilities, and continually monitoring fo…GBHACKERS.COM
24 OctOops! When tech innovations create new security threatsTechnology vendors continuously develop well-intentioned, purpose-built functionality, and features intended to enhance our digital experience. They are diligently responding to business and consumer demands for more and faster features to make their lives more convenient and wor…CSOONLINE.COM
24 OctEPA Won’t Force Water Utilities to Audit Their CybersecurityThe industry pushed back : Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican s…SCHNEIER.COM
24 OctChinese Scammers Exploiting India’s Real-Time Payment SystemChinese scammers are using fake loan apps and India's Unified Payments Interface (UPI) to deceive victims and launder money. The scammers pose as loan providers and promise easy repayments in exchange for a fee.THEREGISTER.COM
24 Oct34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online ScamsSpanish law enforcement officials have announced the arrest of 34 members of a criminal group that carried out various online scams, netting the gang about €3 million ($3.2 million) in illegal profits. Authorities conducted searches across 16 locations Madrid, Malaga, Huelva, Ali…THEHACKERNEWS.COM
24 OctGenerative AI phishing fears realized as model develops “highly convincing” emails in 5 minutesGenerative AI is playing a significant role in reshaping the phishing email threat landscape, two new pieces of research indicate. The State of Email Security in an AI-Powered World report from Abnormal Security revealed that security leaders are highly concerned about generative…CSOONLINE.COM
24 OctLacework adds multiple extensions to its multicloud security platformCloud security services provider Lacework has added a suite of new capabilities and support for its multicloud offerings to help customers secure cloud workloads and improve operational efficiency. The new enhancements on the platform include extended support on various enterpris…CSOONLINE.COM
24 OctChina Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks IntactChinese criminal syndicates are running cyber scam networks in Southeast Asia, ensnaring tens of thousands of victims, including those who were forced to work for the criminals.SECURITYWEEK.COM
24 OctVMware warns admins of public exploit for vRealize RCE flawVMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs). [...]BLEEPINGCOMPUTER.COM
24 OctHow a cloud-native SIEM provides an AI-powered alternative to legacy systemsPicture this: a world where AI-enabled threat actors are launching relentless and sophisticated attacks against enterprises and critical infrastructure. Both infrastructure and AI applications may be targets, and protecting cyber networks will continue to accelerate in complexity…CSOONLINE.COM
24 OctOn Point: Overcoming Vulnerability Management ChallengesSecurity Director Ian Keller on Addressing Telecommunications Industry Challenges The unique characteristics of the telecommunications industry pose significant challenges to the implementation of robust vulnerability management programs. Security director Ian Keller lists the to…DATABREACHTODAY.CO.UK
24 OctHackers Hit Secure File Transfer Software Again and AgainFile transfer software have been a target for hackers, with the Clop ransomware operation being one of the most prominent attackers. They have exploited vulnerabilities in secure file transfer software, resulting in data leaks and ransom demands.HEALTHCAREINFOSECURITY.COM
24 OctCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on October 24, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-297-01 Rockwell Automation Stratix 5800 and Stratix 5200 CISA encourage…CISA.GOV
24 OctSophos 2023 Active Adversary Report for Business Leaders: Decrypting the evolving threat landscapeIn the non-stop game of cat and mouse played by cybercriminals and defenders, attackers keep adapting their tactics. Instead of merely attempting to breach defenses, they often gain access through legitimate means - by logging in. This shifting reality underscores the challenges …CSOONLINE.COM
24 OctTech Leaders: Here’s what to focus on in securityIn order to offer a current view of the threat landscape, Sophos publishes Active Adversary Reports several times a year. The most recent data, published just weeks ago, covers the first half of calendar year 2023 and is aimed at tech leaders. Tech leaders, as the people responsi…CSOONLINE.COM
24 OctOkta Breach, SolarWinds RCEs, CISOs and Boards, Crypto Business Logic, Secure Design - ASW #260Appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and friends update guidance on Sec…YOUTUBE.COM
24 OctNorway Issues Warning After ‘Important Businesses’ Affected by Cisco Zero-DaysThe attacks were described as more potent than a previous incident that affected Norway's government support agency, resulting in hackers accessing the data of several government ministries.THERECORD.MEDIA
24 OctNumber of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update ImplantThe number of Cisco devices hacked via recent zero-days remains high, but the attackers have updated their implant. The post Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctOAuth, WebAuthn, and the Impact of Design Choices - Dan Moore - ASW #260We return to discussions of OAuth and all sorts of authentication. This time around we're looking at the design of authentication protocols, the kinds of trade-offs they weigh for adoption and security, and how a standard evolves over time to keep pace with new attacks and put to…YOUTUBE.COM
24 Oct KEVRockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix SwitchesRockwell Automation has warned customers about the impact of the actively exploited Cisco IOS XE zero-day on its Stratix industrial switches. The post Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctStreamlining security platforms for faster implementation and enhanced risk resolutionCybersecurity is one of the most complex landscapes organizations must navigate, with each new threat leading to more implementation, operation, and management complexity. This is especially true for organizations that take a point product approach to their security. Implementing…CSOONLINE.COM
24 OctCrucial insights for executives on CNAPPWhat does CNAPP (really) mean? First termed in the Gartner Hype Cycle for Cloud Security, 2021, a cloud-native application protection platform (CNAPP) is, as the name implies, a platform approach for securing applications that are cloud-native across the span of the software deve…CSOONLINE.COM
24 OctWildfires, cyberattacks, and cheating students turned off the internet in the third quarterInternet traffic was choked off in different parts of the world in the third quarter this year by a variety of problems, including cyberattacks, natural disasters and cheating at universities, according to a report issued Wednesday by content delivery network (CDN), security and …CSOONLINE.COM
24 OctSpanish police make 34 arrests, dismantling cybercriminal gang that stole 4 million people’s dataSpanish police have arrested 34 suspected members of a criminal gang that are alleged to have run a variety of scams to steal data from over four million people. Law enforcement agents across the country took part in 16 searches that not only seized electronic equipment and compu…BITDEFENDER.COM
24 OctAddressing the cyber skills shortage: 5 key steps to takeDepending upon which research report you read, we have a shortage of somewhere around 3.4 million or 3.5 million individuals worldwide 2 . But we are not the only industry with a talent gap. The medical industry, for example, is facing a shortage of more than 10 million physician…CSOONLINE.COM
24 OctA Vulnerability in ChromeOS Could Allow for Arbitrary Code ExecutionA vulnerability has been discovered in ChromeOS which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user an attacker could then install programs; view, change,…CISECURITY.ORG
📢 SECURITY ADVISORIES 7[−]
24 OctThe Double-Edged Sword of Heightened Regulation for Financial ServicesThe financial services industry faces unique cybersecurity challenges, including the need to protect sensitive data, navigate complex regulations, and manage partnerships and interconnectedness.HELPNETSECURITY.COM
24 OctCanadian Lawmakers Targeted by China-Linked ‘Spamouflage’ Disinformation CampaignCanada has warned of a disinformation campaign linked to China, dubbed "Spamouflage," involving deepfake videos and online posts aimed at discrediting Canadian lawmakers and silencing criticism of the Chinese Communist Party.SECURITYWEEK.COM
24 OctCybersecurity Awareness Month 2023 Blog Series | Recognizing and Reporting PhishingDuring this week’s blog series, we sat down with two of our NIST experts from the Visualization and Usability Group at NIST — Shanée Dawkins and Jody Jacobs — who discussed the importance of recognizing and reporting phishing . This blog wraps up our Cybersecurity Awareness Month…NIST.GOV
24 OctReport Suggests CISA Should Dominate Federal CybersecurityFederal Civilian Agencies 'Are Likely to Resist This Dramatic Change,' Report Says A study of federal government cybersecurity suggests the Department of Homeland Security could play a more prominent role in securing civilian networks, in a report that touts a "more centralized d…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 23[−]
24 OctUpdate: Backdoor Implant on Hacked Cisco Devices Modified to Evade DetectionWhile the exact identity of the threat actor is unknown, thousands of devices have been affected, with the number of compromised devices decreasing recently due to changes made to hide the implant.THEHACKERNEWS.COM
24 OctReport: September Saw a Record 153% Increase in Ransomware AttacksRansomware attacks have seen a shocking 153% increase in September, with healthcare being a particularly concerning target due to its potential impact on patient safety, according to NCC Group's Threat Pulse report.ZDNET.COM
24 Oct1Password Detects “Suspicious Activity” in its Internal Okta AccountThe breach occurred in Okta's customer support management system, allowing an unknown attacker to access files uploaded by some Okta customers. 1Password is the second known Okta customer to be targeted in a follow-on attack.ARSTECHNICA.COM
24 OctUniversity of Michigan Warns That Personal Information was Leaked During CyberattackThe hackers gained access to Social Security numbers, driver's license numbers, financial account information, health records, and other sensitive data, potentially impacting a large number of individuals.THERECORD.MEDIA
24 Oct1Password Detects Suspicious Activity Following Okta Support BreachPopular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed. "We immediately terminated the activity, investigated, and found no comprom…THEHACKERNEWS.COM
24 OctHealthcare Ransomware Attacks Cost US $78 BillionRansomware attacks on US healthcare organizations have resulted in an estimated $77.5 billion in downtime costs since 2016, impacting nearly 10,000 organizations and compromising over 52 million patient records, as per research by Comparitech.INFOSECURITY-MAGAZINE.COM
24 OctFive Southwestern Ontario Hospitals Hit by Cyberattack, Patient Appointments to be RescheduledThe hospitals' IT provider, TransForm, is investigating the incident and determining if patient data was compromised. As a result of the outage, online services such as patient records and email have been affected.CBC.CA
24 Oct500,000 Irish National Police Records on Vehicle Seizures Exposed by Third PartyThe exposed records included scanned identity documents, insurance inquiries, certificates of vehicle registration, and other sensitive data. The incident also exposed names and details of drivers, witnesses, and Garda officers.THEREGISTER.COM
24 OctNew York Health Network Restores Services After Crippling CyberattackThe hospital network experienced a potential cybersecurity threat and IT system outage, leading to the diversion of ambulances from three facilities. The network faced criticism for not fully explaining the situation.THERECORD.MEDIA
24 OctOkta’s latest hack fallout hits Cloudflare, 1PasswordNetwork and security giant Cloudflare and password manager maker 1Password said hackers briefly targeted their systems following a recent breach of Okta’s support unit. Both Cloudflare and 1Password said their recent intrusions were linked to the Okta breach, but that the i…TECHCRUNCH.COM
24 OctCyberattack on digital health provider impacts 5 Canadian hospitalsA cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled. [...]BLEEPINGCOMPUTER.COM
24 OctSeptember was a record month for ransomware attacks in 2023Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months. [...]BLEEPINGCOMPUTER.COM
24 OctASVEL basketball team confirms data breach after ransomware attackFrench professional basketball team LDLC ASVEL (ASVEL) has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club. [...]BLEEPINGCOMPUTER.COM
24 OctUkraine Security Services Involved in Hack of Russia’s Largest Private BankThe hackers responsible for breaching Alfa-Bank plan to share the obtained data with investigative journalists and have publicized an alleged conversation with the bank's owner, who claimed he couldn't do anything about the hack.THERECORD.MEDIA
24 OctUniversity of Michigan Says Personal Information Stolen in August Data BreachThe personal information of students, applicants, alumni, and employees compromised in University of Michigan data breach. The post University of Michigan Says Personal Information Stolen in August Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
24 Oct1Password Finds 'Suspicious Activity' Tied to Okta BreachStolen Customer Support Files From Okta Used to Attack 1Password, BeyondTrust Widely used password management software provider 1Password said a hacker breached one of its systems although failed to steal any sensitive data, after stealing a valid session cookie from the customer…DATABREACHTODAY.CO.UK
24 OctA Better Way to Cover the Bases for Breach ProtectionThe biggest challenges in threat detection and response today are the inability to cover the entire attack surface and a lack of insight into who is attacking and why. To address these issues, Cisco introduced Breach Protection, a suite of products that combines email, endpoint a…DATABREACHTODAY.CO.UK
24 OctCyberattack on health services provider impacts 5 Canadian hospitalsA cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled. [...]BLEEPINGCOMPUTER.COM
24 OctLeadership Less Involved in Cyber-Preparedness Despite a Majority of Orgs Thinking Data Loss from a Cyber Attack Likely in the Next 12 MonthsYou probably expect executive leadership to not just support cybersecurity efforts, but to be involved. New data shows organizations have a way to go until this is a reality.KNOWBE4.COM
24 OctMost Organizations Believe Malicious Use of AI is Close to Evading DetectionAs organizations continue to believe the malicious use of artificial intelligence (AI) will outpace its defensive use, new data focused on the future of AI in cyber attacks and defenses should leave you very worried.KNOWBE4.COM
24 OctAttack on Shared IT Supplier Affects 5 Hospitals in OntarioNonemergency Patients Asked to Cancel or Reschedule Appointments During Outage A cyberattack on a shared IT services organization is forcing five member hospitals in Ontario to cancel or reschedule patient appointments and steer nonemergency patients to other facilities. Attacks …DATABREACHTODAY.CO.UK
24 OctPersonal Information Stolen in City of Philadelphia Email HackThe City of Philadelphia says personal, health, and financial information was stolen in a cyberattack on its email environment. The post Personal Information Stolen in City of Philadelphia Email Hack appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctSamsung Galaxy S23 hacked twice on first day of Pwn2Own TorontoSecurity researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 21[−]
24 OctISC Stormcast For Tuesday, October 24th, 2023 https://isc.sans.edu/podcastdetail/8714, (Tue, Oct 24th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
24 OctChinese Scammers Use Fake Loan Apps for Money Launderingsubmitted by throws_lemy to cybersecurity 14 points | 0 comments https://www.hackread.com/chinese-scammers-fake-loan-apps-money-laundering/HACKREAD.COM
24 OctThreat actor is selling access to Facebook and Instagram's Police Portalsubmitted by throws_lemy to cybersecurity 50 points | 4 comments https://securityaffairs.com/152811/cyber-crime/facebook-and-instagrams-police-portal-access.htmlSECURITYAFFAIRS.COM
24 OctAI vs. human deceit: Unravelling the new age of phishing tacticsAttackers seem to innovate nearly as fast as technology develops. Day by day, both technology and threats surge forward. Now, as we enter the AI era, machines not only mimic human behavior but also permeate nearly every facet of our lives. Yet, despite the mounting anxiety about …SECURITYINTELLIGENCE.COM
24 OctTraining Tuesday - Discussions for certs, training and learning-at-homesubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others!INFOSEC.PUB
24 OctOT is Not IT but Security Can Handle Both - Mea Clift - CSP #145Join us as we discuss the OT security landscape, the solutions for protecting it, and the future of protecting these pieces of critical infrastructure. With attacks to these networks on the rise, it’s important for cybersecurity professionals to acknowledge that they are just as …YOUTUBE.COM
24 OctThe $64k Question: How Does AI Phishing Stack Up Against Human Social Engineers?The Rise of AI in Phishing: Will future phishing attacks that leverage artificial intelligence be more dangerous? The post The $64k Question: How Does AI Phishing Stack Up Against Human Social Engineers? appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctAdlumin Snags $70M to Boost Security for Mid-Market FirmsAdlumin, a startup working on technology to boost security for mid-market firms, has banked $70 million in new funding led by SYN Ventures. The post Adlumin Snags $70M to Boost Security for Mid-Market Firms appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctCanada: Lawmakers Targeted by China-Linked ‘Spamouflage’ DisinformationCanada on warned of a "Spamouflage" disinformation campaign linked to China that used waves of online posts and deepfake videos. The post Canada: Lawmakers Targeted by China-Linked ‘Spamouflage’ Disinformation appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctSecurityWeek’s 2023 ICS Cybersecurity Conference Kicks Off in AtlantaSecurityWeek’s 2023 ICS Cybersecurity Conference kicks off in Atlanta with presentations on a wide range of topics. The post SecurityWeek’s 2023 ICS Cybersecurity Conference Kicks Off in Atlanta appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctGoogle Chrome’s New “IP Protection” Will Hide Users’ IP AddressesThe feature will route third-party traffic through proxies, making users' IP addresses invisible to specific domains, while adapting to safeguard against cross-site tracking.BLEEPINGCOMPUTER.COM
24 OctGoatse, Okta, Cisco, Ducktail, 0Auth, China, Spain, More News and Aaran Leyland. - SWN #336Goatse, Okta, Cisco, Ducktail, 0Auth, China, Spain, More News and Aaran Leyland. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-336YOUTUBE.COM
24 OctStealth Techniques Used in ‘Operation Triangulation’ iOS Attack DissectedKaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks. The post Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctHackers backdoor Russian state, industrial orgs for data theftSeveral state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations. [...]BLEEPINGCOMPUTER.COM
24 OctExperts Urge Safeguards Before AI Can 'Feign Obedience'Academics Call for Adoption of AI Guardrails to Prevent Potential Existential Risk Leading artificial intelligence experts are calling on governments and tech companies to swiftly develop safeguards for AI systems to mitigate potential existential threats posed by the technology.…DATABREACHTODAY.CO.UK
24 OctFunctionality Misuse from Multiple Legitimate Company Websites is the Latest Example of ‘Site Hopping’A new technique is becoming increasingly common as a way to bypass security scanners. The challenge is that the specific execution is constantly evolving, making it difficult to detect, but not impossible to spot.KNOWBE4.COM
24 OctOne Out of Every Eight Emails Found to be Malicious as Attackers Continue to Hone Their SkillsAn increase in the number of malicious emails being sent is resulting in more phishing attacks reaching inboxes. New data clarifies the factors that determine their malicious nature and identifies the most prevalent types of attacks.KNOWBE4.COM
24 OctVietnam-Based Cyber Groups Using Fake Job Postings to Deliver MalwareSeveral cybercriminal groups based in Vietnam are using fake job postings to trick users into installing malware, according to researchers at WithSecure. The researchers are tracking several related malware campaigns, including “DarkGate” and “Ducktail.”KNOWBE4.COM
24 OctKeyfactor Earns $1.3B Valuation After Sale of Minority StakeFunds Comes Two Years After Insight-Backed Keyfactor Merged With CA Vendor PrimeKey A machine identity management provider led by an ex-Tricentis executive notched a $1.3 billion valuation after getting a minority investment from Sixth Street Group. Keyfactor said the funds will …DATABREACHTODAY.CO.UK
24 OctCensys Gets $75M to Grow Globally, Spend on Cloud, AnalyticsNew Capital, Debt Funding Will Help Censys Analyze History of Vulnerable Data A threat hunting and exposure management startup led by ex-OneLogin CEO Brad Brooks received $75 million to invest in cloud and analytics and growing globally. Censys said the combined equity and debt f…DATABREACHTODAY.CO.UK
24 OctNews alert: Lumifi seeking to acquire MDR cybersecurity firms to accelerate growthScottsdale, Ariz., Oct. 24, 2023 — Lumifi , a cybersecurity industry leader, is embarking on a strategic expansion plan by targeting cybersecurity firms. This strategic direction gains its foundation from Lumifi’s recent landmark acquisition, Castra, valued at $14 mil…LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
24 OctSpanish Police Dismantle Cybercrime RingSpanish authorities arrested 34 members of a cybercrime group that defrauded victims of $3.12 million using phishing and other tactics. Over 4 million people may have been affected by their activities.BANKINFOSECURITY.COM
24 OctRockwell Automation to Acquire ICS/OT Security Firm Verve IndustrialThe acquisition reflects the growing importance of cybersecurity in the industrial sector, with several M&A deals involving industrial cybersecurity companies taking place in recent years.SECURITYWEEK.COM
24 OctThree most dangerous Android features | Kaspersky official blogWe identify the three most dangerous Android features that can be used to infect your smartphone with malware, and explain how to use them correctly.KASPERSKY.COM
24 OctLegacy Authentication Leads to Growing Consumer FrustrationDespite the popularity of biometrics as an authentication method, passwords are still widely used, with consumers manually entering them about four times a day, according to the FIDO Alliance.HELPNETSECURITY.COM
📡 INFOSEC NEWS 17[−]
24 OctCI/CD Pipeline: How to Overcome Set-Up ChallengesExplore the most common challenges organizations face when establishing a CI/CD pipeline and how to strategically overcome them.TRENDMICRO.COM
24 OctEnterprise Browser Startup Island Banks $100M in FundingThe company said the investment was led by Prysm Capital at a valuation of $1.5 billion. Existing backers Canapi Ventures, Insight Partners, Stripes, Sequoia, Cyberstarts, and Georgian also expanded equity positions.SECURITYWEEK.COM
24 OctMake API Management Less Scary for Your OrganizationWhile application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management infrastructure with these legacy models still poses challenges for organizations as they moderniz…THEHACKERNEWS.COM
24 OctPhilippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security RisksThe Philippine defense chief has issued an order prohibiting the use of AI-powered digital applications for generating personal portraits due to potential security risks such as identity theft and malicious activities.SECURITYWEEK.COM
24 OctCensys lands new cash to grow its threat-detecting cybersecurity serviceInvestments in cybersecurity companies are beginning to turn a corner, seemingly. After a brutal summer, VC funding to security startups saw a slight (12%) uptick from Q3, according to Crunchbase — reaching nearly $1.9 billion compared to $1.7 billion in the second quarter.…TECHCRUNCH.COM
24 OctSophos ZTNA on Sophos Firewall is now availableZTNA deployment couldn't be easier.SOPHOS.COM
24 OctOAuth Implementation Issues Allows Full Online Account Takeover for Millions of UsersFlaws in the implementation of OAuth across various online services, including Grammarly, Vidio, and Bukalapak, could have exposed hundreds of millions of user accounts to credential theft and other cybercriminal activities.DARKREADING.COM
24 OctEx-NSA Employee Pleads Guilty to Leaking Classified Data to RussiaA former employee of the U.S. National Security Agency (NSA) has pleaded guilty to charges accusing him of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke, 31, served as an Information Systems Security Designer for the NSA from June 6, 2022,…THEHACKERNEWS.COM
24 OctDecentralized Matrix messaging network says it has 115M usersThe team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more. [...]BLEEPINGCOMPUTER.COM
24 OctEurope’s CSAM-scanning plan is a tipping point for democratic rights, experts warnA controversial child sexual abuse material (CSAM)-scanning proposal that’s under discussion by lawmakers in Europe is both the wrong response to tackling a sensitive and multifacted societal problem and a direct threat to democratic values in a free and open society, a sem…TECHCRUNCH.COM
24 OctBlockaid Emerges From Stealth With $33 Million InvestmentThe investment round was led by Ribbit Capital and Variant, with participation from Cyberstarts, Greylock Partners, and Sequoia Capital. The new funds will be used to scale the company's products and team and expand its customer base.SECURITYWEEK.COM
24 OctFireside Chat: Creating a Holistic Risk Mitigation StrategyKirsten Bay, CEO, Cysurance joins Raja Patel, CPO, Sophos, to discuss how cyber defenses and cyber insurance can work together to lower the total cost of ownership of cyber risk mitigation.SOPHOS.COM
24 OctDecentralized Matrix messaging network says it now has 115M usersThe team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more. [...]BLEEPINGCOMPUTER.COM