🚨 CISA KEV 1[−]
7 Nov KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023- 22518 Atlassian Confluence Data Center and Server Improper Authorization Vulnerability These types of vulnerabilities are frequent attack vect…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
7 NovCritical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch NowVeeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows - CVE-2023-38547 (CVSS score: 9.9) - An unspecified flaw that can be leveraged by an u…THEHACKERNEWS.COM
7 NovExperts Warn of Ransomware Hackers Exploiting Atlassian and Apache FlawsMultiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have b…THEHACKERNEWS.COM
7 NovVeeam Patches Two Critical Bugs in Veeam ONEIn a security update yesterday, the firm revealed CVE-2023-38547, a CVSS 9.9-rated flaw in Veeam ONE 11, 11a, and 12. The second critical bug (CVE-2023-38548) affects Veeam ONE version 12 and has a CVSS score of 9.8.INFOSECURITY-MAGAZINE.COM
7 NovEclypsium launches supply chain security guide to track risks and incidentsDigital supply chain security company Eclypsium has announced the launch of a new supply chain security guide to help IT, security, and procurement teams track risks and incidents. CIOs, CISOs, and supply chain leaders can use the guide to assess their exposure to supply chain cy…CSOONLINE.COM
7 NovUpdate: Critical Atlassian Bug Exploited in Ransomware AttacksThe vulnerability, known as CVE-2023-22518, impacts all versions of Atlassian Confluence Data Center and Server, and users are strongly advised to update to the latest version to mitigate the risk.INFOSECURITY-MAGAZINE.COM
7 NovCISA Releases Guidance for Addressing Citrix NetScaler ADC and Gateway Vulnerability CVE-2023-4966, Citrix BleedToday, CISA, in response to active, targeted exploitation, released guidance for addressing Citrix NetScaler ADC and Gateway vulnerability CVE-2023-4966 . The vulnerability, also known as Citrix Bleed, could allow a cyber actor to take control of an affected system. CISA recommen…CISA.GOV
⚠️ VULNERABILITY DISCLOSURE 28[−]
7 NovDecoupled SIEM: Brilliant or Stupid?Frankly, not sure why I am writing this, I get a sense that this esoteric topic is of interest to a very small number of people. But hey … LinkedIn made me do it :-) And many of those few people are my friends or at least close industry peers. So, the topic is so-called “decouple…MEDIUM.COM
7 Nov139: D3f4ultThis is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from y…DARKNETDIARIES.COM
7 NovHackers, Scrapers & Fakers: What's Really Inside the Latest LinkedIn DatasetPresently sponsored by: Webinar: 'How to Defend Against the Evilginx2.' Kuba Gretzky (Evilginx2) & Marcin Szary (Secfense) show a tool that counters MFA bypass. I like to think of investigating data breaches as a sort of scientific search for truth. You start out with a theory (a…TROYHUNT.COM
7 NovSecure from the get-go: top challenges in implementing shift-left cybersecurity approachesDavid Ulloa sees value in the shift-left strategy , which embeds security at the earliest stages of software development. Like other security chiefs, Ulloa believes that this approach can effectively and efficiently boost the organization's security posture. But he concedes: not …CSOONLINE.COM
7 NovSideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government EntitiesThe Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm…THEHACKERNEWS.COM
7 NovUpdate: Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not UrgentAs per Microsoft, the vulnerabilities do not meet the criteria of actual zero-days and require authentication for exploitation, reducing their chances of being used in malicious attacks.SECURITYWEEK.COM
7 NovOffensive and Defensive AI: Let’s Chat(GPT) About ItChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game. ChatGPT is the most swiftly growing consumer application to date. The extremel…THEHACKERNEWS.COM
7 NovIBM rebuilds QRadar for hybrid clouds and AI workloadsIBM has announced rebuilding its security information and event management (SIEM) offering, QRadar, with a cloud-native architecture to help organizations scale their hybrid cloud and AI workloads. The new offering combines IBM's existing SIEM skeleton within the QRadar suite wit…CSOONLINE.COM
7 NovFederal Push for Secure-by-Design: What It Means for DevelopersSecure-by-design is clearly important to the federal government, and there is a strong possibility that it will become a regulatory requirement for the critical industries enforced through an Executive Order. The post Federal Push for Secure-by-Design: What It Means for Developer…SECURITYWEEK.COM
7 NovNew GootLoader Malware Variant Evades Detection and Spreads RapidlyA new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detectio…THEHACKERNEWS.COM
7 NovMyrror Security Emerges From Stealth Mode With $6 Million in FundingMyrror Security emerges from stealth mode to disrupt supply chain attacks with binary-to-source code analysis. The post Myrror Security Emerges From Stealth Mode With $6 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
7 NovFrontegg releases new identity, user management solution for SaaS productsIdentity and access management platform Frontegg has announced the release of Frontegg Forward to support software as a service (SaaS) companies in handling customer identity and user management within their products. The new offering delivers four fundamental user management inn…CSOONLINE.COM
7 NovNIST’s security transformation: How to keep upOne thing that came out of the pandemic years was a stronger push toward an organization-wide digital transformation. Working remotely forced companies to integrate digital technologies, ranging from cloud computing services to AI/ML, across business operations to allow workers t…SECURITYINTELLIGENCE.COM
7 NovUpdate: TellYouThePass Ransomware Joins Apache ActiveMQ RCE AttacksInternet-exposed Apache ActiveMQ servers are being targeted by ransomware attacks exploiting a critical remote code execution vulnerability. Over 4,770 vulnerable Apache ActiveMQ servers are at risk of exploitation.BLEEPINGCOMPUTER.COM
7 NovReport: SIM Box Fraud to Drive 700% Surge in Roaming ScamsSIM box fraud is a type of “interconnected bypass” scam, where threat actors intercept international calls and route them to a local device known as a SIM box. This device then routes the connection back into the network as a local call.INFOSECURITY-MAGAZINE.COM
7 NovN. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz MalwareThe North Korea-linked nation-state group called BlueNoroff has been attributed to a previously undocumented macOS malware strain dubbed ObjCShellz. Jamf Threat Labs, which disclosed details of the malware, said it's used as part of the RustBucket malware campaign, which came to …THEHACKERNEWS.COM
7 NovMultiple Vulnerabilities in Google Android OS Could Allow for Privilege EscalationMultiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for privilege escalation. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful e…CISECURITY.ORG
7 NovMarina Bay Sands discloses data breach impacting 665,000 customersThe Marina Bay Sands (MBS) luxury resort and casino in Singapore has disclosed a data breach that impacts personal data of 665,000 customers. [...]BLEEPINGCOMPUTER.COM
7 NovGet Ready: International Fraud Awareness WeekNovember 12-18, 2024 is International Fraud Awareness Week and I know what you are thinking: “Didn’t we just have an entire month dedicated to cyber fraud and cybersecurity in general?” And you would be right that October’s Cybersecurity Awareness Month was a great way to train y…KNOWBE4.COM
7 NovVeeam Critical Bug Let Attackers Execute Remote Code and Steal NTLM HashesVeeam, a Global Leader in Data Protection issued hotfixes to address four vulnerabilities affecting the Veeam ONE IT infrastructure monitoring and analytics platform. Two of the four vulnerabilities are classified as ‘critical’, while the other two are classified as ‘medium sever…GBHACKERS.COM
7 NovVeterans Impacting Cybersecurity - David Cross - CSP #147Veterans bring along some valuable skills from the military that organizations can greatly benefit from. From loyalty, executing to a playbook, incident response, responding to crisis’s, to supporting the organizational mission – Veterans are a resource that is eager to transitio…YOUTUBE.COM
7 NovOnline Store Zhefengle Exposed Millions of Chinese Citizen IDsThe database contained over 3.3 million orders from 2015 to 2020, many of which included uploaded copies of customers' government-issued identity cards. The vulnerability was addressed after a security researcher notified the store owners.TECHCRUNCH.COM
7 NovCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on November 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-311-01 GE MiCOM S1 Agile CISA encourages users and administrators to re…CISA.GOV
7 NovSecurity from a Developer's Perspective - Josh Goldberg - ASW #262A lot of appsec conferences have presentations for appsec audiences -- but that's not often the group that's building apps. What if more developer conferences had appsec content? We talk with Josh about security from the developer's point of view, both as an audience hearing abou…YOUTUBE.COM
7 NovNew State of Phishing Report 2023: An Alarming Surge in Phishing ThreatsThe fight against cyber threats remains a top priority for all organizations, including phishing attacks. SlashNext just released its much-anticipated annual " State of Phishing Report for 2023 ." This report sheds light on the alarming surge in phishing threats across email, web…KNOWBE4.COM
7 NovMTE - The promising path forward for memory safetyPosted by Andy Qin, Irene Ang, Kostya Serebryany, Evgenii Stepanov Since 2018, Google has partnered with ARM and collaborated with many ecosystem partners (SoCs vendors, mobile phone OEMs, etc.) to develop Memory Tagging Extension (MTE) technology. We are now happy to share the g…SECURITY.GOOGLEBLOG.COM
7 NovCitrix Bleed, Atlassian Authz Vuln, OpenJS & jQuery, Secure Future Initiative - ASW #262Details of the Citrix Bleed vuln, exploitation of the Atlassian improper authorization vuln, so many jQuery installations to upgrade, the price of bounties and the cost of fixes, Microsoft's Secure Future Initiative, and more! Visit https://www.securityweekly.com/asw for all the …YOUTUBE.COM
7 NovGootbot: A new post-exploitation implant for lateral movementThe creators of Gootloader, a malicious program commonly used to deploy ransomware and other malware threats on enterprise networks, have developed a new second-stage implant. Dubbed GootBot, the new post-exploitation tool is written in PowerShell and is pushed to other systems o…CSOONLINE.COM
📋 SECURITY BULLETINS 2[−]
7 Nov37 Vulnerabilities Patched in Android With November 2023 Security UpdatesThe Android security updates released this week resolve 37 vulnerabilities, including a critical information disclosure bug. The post 37 Vulnerabilities Patched in Android With November 2023 Security Updates appeared first on SecurityWeek .SECURITYWEEK.COM
7 Nov37 Vulnerabilities Patched in Android With November 2023 Security UpdatesThe November 2023 Android security update addresses high-severity vulnerabilities in the System component, with additional fixes for Arm, MediaTek, and Qualcomm components.SECURITYWEEK.COM
📢 SECURITY ADVISORIES 8[−]
7 NovMicrosoft Will Roll Out MFA-Enforcing Policies for Admin Portal AccessThese policies will also require MFA for per-user MFA users for all cloud apps and for high-risk sign-ins. The policies will be gradually added to eligible Microsoft tenants, and administrators will have 90 days to review and enable them.BLEEPINGCOMPUTER.COM
7 NovMicrosoft: Some Outlook.com users can't send emails with attachmentsIn a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments. [...]BLEEPINGCOMPUTER.COM
7 NovFEMA and CISA Release Joint Guidance on Planning Considerations for Cyber IncidentsToday, the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA) released the joint guide Planning Considerations for Cyber Incidents: Guidance for Emergency Managers to provide state, local, tribal, and territorial (SLTT) emer…CISA.GOV
7 NovNew York Department of Financial Services Strengthens Cybersecurity RegulationThe NYDFS’ 23 NYCRR Part 500 has been updated to reflect the current preventative and responsive measures necessary for Financial Services org to be ready for cyber attacks.KNOWBE4.COM
7 NovCISA Preparing for Election Day 'Operational Disruptions'Agency Finds No Credible Election Security Threat While Mobilizing National Support The U.S. Cybersecurity and Infrastructure Security Agency said it was setting up a variety of real-time initiatives to provide technical support and cybersecurity assistance for election offices n…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 13[−]
7 NovClop group obtained access to the email addresses of about 632,000 US federal employeessubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://securityaffairs.com/153486/data-breach/clop-group-us-federal-employees.htmlSECURITYAFFAIRS.COM
7 NovLinkedIn Scraped and Faked Data (2023) - 5,820,276 breached accountsIn November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked . On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals…HAVEIBEENPWNED.COM
7 NovMedusa Ransomware Group Claims Cyberattack on Canadian Psychological AssociationThe Medusa ransomware group has demanded a ransom of $10,000 to delay the publication of compromised data by another day, and a staggering $200,000 for the complete deletion of the data.THECYBEREXPRESS.COM
7 NovCountries Pledge to Not Pay Ransoms, but Experts Question ImpactWhile the pledge is a step in the right direction, legislative measures are needed to effectively deter organizations from paying ransoms and address the growing issue of ransomware attacks.CYBERSECURITYDIVE.COM
7 NovRansomware Gang Leaks Data Allegedly Stolen From Canadian HospitalsFive Canadian hospitals have confirmed a ransomware attack as data allegedly stolen from them was posted online. The post Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals appeared first on SecurityWeek .SECURITYWEEK.COM
7 NovTop 6 Cybersecurity Incident Response Phases – 2024Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible…GBHACKERS.COM
7 NovNew Jupyter Infostealer Version Emerges with Sophisticated Stealth TacticsThe Jupyter Infostealer malware has resurfaced with new techniques, including PowerShell command modifications and the use of signed certificates, to establish a persistent presence on compromised systems.THEHACKERNEWS.COM
7 NovNew GootLoader Malware Variant Evades Detection and Spreads RapidlyGootBot is designed to connect to compromised WordPress sites for command and control, making use of unique hard-coded C2 servers for each sample, posing a challenge for detection and prevention.THEHACKERNEWS.COM
7 NovUpdate: Ransomware Gang Leaks Data Allegedly Stolen From Canadian HospitalsFive Canadian hospitals have confirmed that patient and employee data stolen in a ransomware attack has been leaked online, impacting millions of patient visits and employee information.SECURITYWEEK.COM
7 NovPro-Palestinian Hackers Group ‘Soldiers of Solomon’ Disrupted the Production Cycle of the Largest Israeli Flour Production PlantThis attack on the flour plant is part of a series of cyber attacks by the group on Israeli organizations, including a successful attack on the Ashalim Power Station and taking control of military servers and systems.SECURITYAFFAIRS.COM
7 NovBlueNoroff hackers backdoor Macs with new ObjCShellz malwareThe North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices. [...]BLEEPINGCOMPUTER.COM
7 NovTransForm says ransomware data breach affects 267,000 patientsShared service provider TransForm has published an update on the cyberattack that recently impacted operations in multiple hospitals in Ontario, Canada, clarifying that it was a ransomware attack. [...]BLEEPINGCOMPUTER.COM
7 NovNews alert: Risk Ledger secures £6.25 million to prevent cyber attacks on enterprise supply chainsLondon, United Kingdom, Nov. 7, 2023 — Organisations have been laser focussed on protecting their own networks, applications, physical premises and people against cyber security attacks but have neglected their exposure to suppliers. Indeed, over the past 3 years, a ……LASTWATCHDOG.COM
🕵️ THREAT INTELLIGENCE 24[−]
7 NovNodeStealer attacks on Facebook take a provocative turn – threat actors deploy malvertising campaigns to hijack users’ accountssubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://www.bitdefender.com/blog/labs/nodestealer-attacks-on-facebook-take-a-provocative-turn-threat-actors-deploy-malvertising-campaigns-to-hijack-users-accounts/BITDEFENDER.COM
7 NovISC Stormcast For Tuesday, November 7th, 2023 https://isc.sans.edu/podcastdetail/8734, (Tue, Nov 7th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
7 NovSocks5Systemz Proxy Botnet Infects Around 10,000 Systems WorldwideSecurity experts took the wraps off of Socks5Systemz, a proxy botnet distributed through PrivateLoader and Amadey, affecting approximately 10,000 systems globally. BitSight mapped at least 53 servers of Socks5Systemz, all located in Europe and distributed across France, Bulgaria,…CYWARE.COM
7 NovCybersecurity M&A Roundup: 31 Deals Announced in October 2023Thirty-one cybersecurity-related merger and acquisition (M&A) deals were announced in October 2023. The post Cybersecurity M&A Roundup: 31 Deals Announced in October 2023 appeared first on SecurityWeek .SECURITYWEEK.COM
7 NovSpaf on the Morris WormGene Spafford wrote an essay reflecting on the Morris Worm of 1988—35 years ago. His lessons from then are still applicable today.SCHNEIER.COM
7 NovTraining Tuesday - Discussions for certs, training and learning-at-homesubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others!INFOSEC.PUB
7 NovNarrowing the Focus of AI in SecurityAI can truly disrupt all elements of the SOC and provide an analyst with 10x more data and save 10x more time than what currently exists. The post Narrowing the Focus of AI in Security appeared first on SecurityWeek .SECURITYWEEK.COM
7 NovCyberheistNews Vol 13 #45 [BUDGET AMMO] The Outstanding ROI of KnowBe4's Security Awareness Training PlatformKNOWBE4.COM
7 NovNew MacOS Malware Linked to North Korean HackersNew macOS malware, tracked by Jamf as ObjCShellz, is likely being used by North Korean hackers to target crypto exchanges The post New MacOS Malware Linked to North Korean Hackers appeared first on SecurityWeek .SECURITYWEEK.COM
7 NovFree Tool Helps Industrial Organizations Find OPC UA VulnerabilitiesA new free tool named OpalOPC helps industrial organizations find OPC UA misconfigurations and vulnerabilities. The post Free Tool Helps Industrial Organizations Find OPC UA Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
7 NovWhat's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR), (Tue, Nov 7th)Collecting and analyzing DNS logs should be at the top of your agenda regarding network monitoring. Everything that happens on the network tends to be reflected in DNS, and events that do not correlate with DNS are often suspect themselves. For example, if a host connects to an I…ISC.SANS.EDU
7 NovCritical Vulnerabilities Expose Veeam ONE Software to Code ExecutionVeeam Software has rolled out patches to cover code execution vulnerabilities in its Veeam ONE IT monitoring product. The post Critical Vulnerabilities Expose Veeam ONE Software to Code Execution appeared first on SecurityWeek .SECURITYWEEK.COM
7 NovData Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: StudyForeign threat actors can easily obtain sensitive information on US military members from data brokers, a Duke University study shows. The post Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study appeared first on SecurityWeek .SECURITYWEEK.COM
7 NovGrok, Okta, Looney Tunables, HelloKitty, Gootbot, Veeam, More News and Jason Wood – SWN #340Join us live at 12ET on this edition of the Security Weekly News. Grok, #Okta, Looney Tunables, #HelloKitty, #Gootbot, #Veeam, More News and Jason Wood. → Watch live here: https://securitweekly.com/live →Subscribe to our podcasts: https://securityweekly.com/subscribe →Join our co…YOUTUBE.COM
7 NovWhat is Network Detection and Response (NDR)?In the ever-evolving digital world, organizations must safeguard their networks and sensitive data against sophisticated cyber threats. Have you ever heard NDR in relation to cybersecurity? Whether you have or not, do you know what is network detection and response?. Network Dete…GBHACKERS.COM
7 NovGrok, Okta, Looney Tunables, HelloKitty, Gootbot, Veeam, More News and Jason Wood - SWN #340Grok, Okta, Looney Tunables, HelloKitty, Gootbot, Veeam, More News and Jason Wood, on this edition of the Security Weekly News Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-340YOUTUBE.COM
7 NovTargeted Social Engineering on the Rise With Lowering Phishing-as-a-Service CostsTargeted individuals were the most common victims of social engineering attacks in the second half of 2022 and the first half of 2023, according to researchers at AtlasVPN.KNOWBE4.COM
7 NovFacebook tops security ratings among social networksFacebook is the most secure social networking site among the major players, thanks to improved privacy controls and support for more secure two-factor authentication technology, but the social media sector as a whole remains vulnerable to different types of account takeover. Acco…CSOONLINE.COM
7 NovVerve Purchase Gives Rockwell Leg Up on Asset IdentificationBuy of Industrial Cybersecurity Firm Verve Will Help Customers Spot, Remediate Risk Rockwell Automation's acquisition of industrial cybersecurity vendor Verve will help businesses better handle one of the biggest challenges with critical infrastructure: asset identification. Indu…DATABREACHTODAY.CO.UK
7 NovNews alert: AppMap launches ‘Runtime Code Review’ — GitHub integration innovationBoston, Mass., Nov. 7, 2023 — AppMap today announces its innovative Runtime Code Review solution that will transform software quality and the developer experience. AppMap’s mission is to deliver actionable insights to developers where they work, and AppMap continues to … (m…LASTWATCHDOG.COM
7 NovUS DOJ Indicts Foreign Nationals for Defrauding $48 MillionAlleged Operators of Russian Cyber Fraud Scheme Are Indicted U.S. federal prosecutors unsealed an indictment against three foreign nationals for allegedly participating in a $48 million fraud scheme. The alleged reshipping scheme operated between 2013 and 2018 while the three def…DATABREACHTODAY.CO.UK
7 NovAHA Sues Feds Over Privacy Warning About Web Tracker UseHospital Groups Say HHS Exceeded Its Authority by Issuing HIPAA-Related 'Rule' The American Hospital Association, along with three other organizations, has filed a federal lawsuit seeking to have the U.S. Department of Health and Human Services withdraw guidance issued last year …DATABREACHTODAY.CO.UK
7 NovProgramming, Self-Learning Crucial for Autonomous OperationsSuccess Hinges on Marrying Programmed Task and Information From Production Settings Rockwell's automation efforts have moved away from a purely programmed approach to one that combines programming and self-learning based on specified parameters. Rockwell trained autonomous vehicl…DATABREACHTODAY.CO.UK
7 NovDigital security sessions at Microsoft Ignite to prepare you for the era of AIJoin us for Microsoft Ignite for insights on how to embrace the era of AI confidently with protection for people, data, devices, and apps that extends across clouds and platforms. Register for the virtual event, taking place from November 15 to 16, 2023. The post Digital security…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 5[−]
7 NovMalware, fake specs, and other problems with cheap Android devices | Kaspersky official blogHow to safely buy an inexpensive Android device and not get hit with viruses or counterfeits.KASPERSKY.COM
7 NovGoogle hopes to better fight malicious apps with real-time scanning on Android devicesGoogle has added a new real-time app scanning capability to Google Play Protect in order to help it better protect against malicious apps installed from outside the official app store. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
7 NovMalwarebytes makes B2B unit spin-off official, launches ThreatDownU.S.-based cybersecurity giant Malwarebytes today launched ThreatDown, a new brand that encompasses its business software portfolio and B2B-focused unit, the company confirmed to TechCrunch. Earlier this year, Malwarebytes let go of approximately 100 employees as part of a wider …TECHCRUNCH.COM
7 NovDHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and ResilienceCISA.GOV
7 NovImplementing Zero Trust: 5 Key ConsiderationsWhen implementing a Zero Trust strategy and selecting a solution to safeguard your company against cyber risk, there are many factors to consider. Five key areas include Visibility and Analytics, Automation and Orchestration, Central Management, Analyst Experience, and Pricing Fl…TRENDMICRO.COM
📡 INFOSEC NEWS 16[−]
7 NovFake Ledger Live App on Microsoft Store Leads to $800,000 Crypto TheftThe scam involved a sophisticated tactic of replicating the look and features of the authentic app, making it challenging for users to differentiate between the real and fake versions.HACKREAD.COM
7 NovLive Webinar | River Island Case Study on Security Awareness, Behaviour and CultureDATABREACHTODAY.CO.UK
7 NovResearchers Find Data Brokers are Selling US Service Members’ SecretsA new report from Duke University reveals that data brokers are selling highly sensitive information on American military service members, posing a threat to national security.THERECORD.MEDIA
7 NovPalo Alto Networks to Acquire Israeli Enterprise Browser Security Firm TalonThe acquisition aims to strengthen security for unmanaged devices used by employees to access work-related material. Last week, Palo Alto Networks purchased cloud safety firm Dig Security.THERECORD.MEDIA
7 NovConfidence in File Upload Security is Alarmingly Low. Why?Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications. The benefits are undeniable; however, this shift presents new security challenges. OPSWAT's 2023 Web Applica…THEHACKERNEWS.COM
7 NovThe Roadblocks to Preventive Cybersecurity SuccessCloud infrastructure poses the greatest exposure risk for organizations, requiring effective integration of user identity and access privileges into preventive cybersecurity practices.HELPNETSECURITY.COM
7 NovHow Global Password Practices are ChangingPassword health and hygiene have improved globally over the past year, reducing the risk of account takeover. However, password reuse remains prevalent, making user accounts vulnerable to password-spraying attacks.HELPNETSECURITY.COM
7 NovOpenAI confirms it's not killing off ChatGPT plugins for nowDuring its inaugural developer conference, OpenAI unveiled GPTs, short for Generative Pre-trained Transformers. These custom versions of ChatGPT are designed to be shaped by and for individual users, whether for recreational or professional use, and can be shared with others. [..…BLEEPINGCOMPUTER.COM
7 NovMicrosoft Authenticator now blocks suspicious MFA alerts by defaultMicrosoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage. [...]BLEEPINGCOMPUTER.COM
7 NovTech Trailblazers: Female Perspectives on Forging Careers Into CyberSix members of Sophos’ Women in Technology Network have been sharing their thoughts on pursuing a job in tech to young girls and women considering their future careers.SOPHOS.COM
7 NovOur Pwn2Own journey against time and randomness (part 2)Part 2 of a series about participation in the Pwn2Own Toronto 2023 contest.QUARKSLAB.COM
7 Nov23andMe data theft prompts DNA testing companies to switch on 2FA by defaultDNA testing and genealogy companies are stepping up user account security by mandating the use of two-factor authentication, following the theft of millions of user records from DNA genetic testing giant 23andMe. Ancestry, MyHeritage, and 23andMe have begun notifying customers th…TECHCRUNCH.COM
7 NovFake Account Creation Bots – Part 3Part three of a series investigating how automation is used to create fake accounts for fraud, disinformation, scams, and account takeover.F5.COM
7 NovFake Ledger Live app in Microsoft Store steals $768,000 in cryptoMicrosoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. [...]BLEEPINGCOMPUTER.COM
7 NovFake Account Creation Bots – Part 3: 8 Ways to Identify Fake Bot AccountsPart three of a series investigating how automation is used to create fake accounts for fraud, disinformation, scams, and account takeover.F5.COM
7 NovFake Account Creation Bots – Part 3: 8 Ways to Identify Fake Bot AccountsPart three of a series investigating how automation is used to create fake accounts for fraud, disinformation, scams, and account takeover.F5.COM