🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
7 FebCritical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch NowJetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances. The vulnerability, tracked as CVE-2024-23917…THEHACKERNEWS.COM
7 FebJetBrains Warns of New TeamCity Authentication Bypass VulnerabilityThe vulnerability, tracked as CVE-2024-23917, affects all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can lead to remote code execution attacks without requiring user interaction.BLEEPINGCOMPUTER.COM
7 FebUnveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution RisksIn this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.TRENDMICRO.COM
7 FebTeamCity Authentication Bypass Flaw Let Attackers Gain Admin ControlA critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacker with HTTP(S) access to a TeamCity server may bypass authentication procedures and take administrative control of that TeamCity s…GBHACKERS.COM
7 FebFortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in errorIt turns out that critical Fortinet FortiSIEM vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 are not new and have been published this year in error. [...]BLEEPINGCOMPUTER.COM
7 FebActive Scan Alert: Over 28,000 Ivanti Instances Exposed to InternetIvanti has disclosed two new zero-day vulnerabilities assigned with CVE-2024-21888 and CVE-2024-21893 in the products Ivanti Connect Secure and Ivanti Policy Secure. The vulnerability (CVE-2024-2188) exists in Ivanti Connect Secure and Ivanti Policy Secure web components, allowin…GBHACKERS.COM
7 FebCritical Shim Bug Impacts Every Linux Bootloader Signed in the Past DecadeThe maintainers of 'shim' released version 15.8 to address six vulnerabilities, with the most critical one (CVE-2023-40547) potentially leading to remote code execution and Secure Boot bypass.SECURITYAFFAIRS.COM
7 FebCritical Bootloader Vulnerability in Shim Impacts Nearly All Linux DistrosThe maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be e…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 22[−]
7 FebCritical Bugs in Canon Printers Allow Code Execution, DDoSsubmitted by IllNess to securitynews 2 points | 0 comments https://www.darkreading.com/endpoint-security/critical-bugs-canon-small-office-printers-code-execution-ddos No exploitations have been observed in the wild as of yet, according to the company’s European site, but owners s…DARKREADING.COM
7 FebMalicious Excel File Drops Python Info-stealerFortinet's FortiGuard Labs uncovers a Python-based info-stealer distributed via malicious Excel documents, showcasing cybercriminals' innovative tactics. Exploiting legacy Excel 4.0 macros, the attack scans devices for sensitive data, employing sophisticated evasion techniques fo…CYWARE.COM
7 FebChinese Hackers Exploited FortiGate Flaw to Breach Dutch Military NetworkChinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (…THEHACKERNEWS.COM
7 FebGoogle Links Dozens of Zero-Day Vulnerabilities in Discovered Recent Years to Spyware VendorsGoogle has identified at least 40 companies involved in creating and selling spyware and hacking tools to governments for use against high-risk individuals such as journalists and human rights defenders.THERECORD.MEDIA
7 Feb6 best practices for third-party risk managementCISOs have good reason to rank third-party risk as a top concern: their organizations engage with a growing number of third parties providing an ever-expanding range of services. While reputable providers certainly prioritize security, bringing products developed outside a busine…CSOONLINE.COM
7 FebTeaching LLMs to Be DeceptiveInteresting research: “ Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training “: Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alter…SCHNEIER.COM
7 FebBusiness, Technology Groups Back SolarWinds Motion to Dismiss SEC ChargesThe U.S. Chamber of Commerce and the Business Roundtable argue that the SEC has expanded its interpretation of internal accounting controls provisions beyond Congress's original intent.CYBERSECURITYDIVE.COM
7 FebHackers can Use Generative AI to Manipulate Live ConversationsIBM researchers demonstrated a technique to intercept live conversations and replace keywords based on the context, allowing for the manipulation of information, financial fraud, and even real-time changes to news broadcasts and political speeches.BANKINFOSECURITY.COM
7 FebVerizon employee compromises personal data of 63,000 colleaguesVerizon, one of the largest telecommunications service providers in the US , has informed the concerned authorities that the personal data of 63,206 people, mostly its employees, has been inadvertently compromised. The company, while informing the Office of the Maine Attorney Gen…CSOONLINE.COM
7 FebNew Vulnerabilities in Azure HDInsight Could Have Led to Privilege Escalations and Denial of ServiceThese vulnerabilities could have allowed attackers to gain cluster administrator privileges, disrupt operations, and negatively impact the availability and reliability of the affected systems.ORCA.SECURITY
7 FebGoogle Open Sources AI-Boosted Fuzzing FrameworkThe framework has successfully identified vulnerabilities in C/C++ projects, including two in cJSON and libplist, which might have remained undiscovered without the use of large language models.DARKREADING.COM
7 FebVMware Releases Security Advisory for Aria Operations for NetworksVMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware security advis…CISA.GOV
7 FebCritical flaw in Shim bootloader impacts major Linux distrosA critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms. [...]BLEEPINGCOMPUTER.COM
7 FebAfter FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce BackThe threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and f…THEHACKERNEWS.COM
7 FebFrom Cybercrime Saul Goodman to the Russian GRUIn 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum's founders was an attorney who advised Russia's top hackers on the legal risks of their work, and what to do if they got caught. A review of this user's hacker ide…KREBSONSECURITY.COM
7 FebCISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land GuidanceToday, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance…CISA.GOV
7 FebMost Linux Systems Exposed to Complete Compromise via Shim VulnerabilityA critical remote code execution vulnerability in Shim could allow attackers to take over vulnerable Linux systems. The post Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
7 FebJetBrains Patches Critical Authentication Bypass in TeamCityJetBrains releases patches for a critical-severity TeamCity authentication bypass leading to remote code execution. The post JetBrains Patches Critical Authentication Bypass in TeamCity appeared first on SecurityWeek .SECURITYWEEK.COM
7 FebFortinet warns of new FortiSIEM RCE bugs in confusing disclosureFortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 9[−]
7 FebChinese Hackers Spy on Dutch Ministry of Defense: A Story of Alarming Cyber EspionageIn a revelation that adds yet another chapter to the ongoing saga of international cybersecurity threats, the Dutch Ministry of Defense recently shed light on a significant security breach. Reports that state-sponsored Chinese hackers have infiltrated the internal computer networ…KNOWBE4.COM
7 FebChinese hackers hid in US infrastructure network for 5 yearsThe Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. [.…BLEEPINGCOMPUTER.COM
7 FebChinese Hackers Preparing 'Destructive Attacks,' CISA WarnsOfficials Say Hackers Are Evading Detection on Critical Infrastructure Networks The U.S. Cybersecurity and Infrastructure Security Agency urged critical infrastructure owners to patch systems after publishing a warning that Chinese hackers are evading detection and maintaining pe…DATABREACHTODAY.CO.UK
7 FebBolstering Healthcare Cybersecurity: The Regulatory OutlookThe Biden administration's strategy for bolstering health sector cybersecurity, which includes newly released voluntary cyber performance goals and plans to update the HIPAA Security Rule, is fueling uncertainty in some organizations, said privacy attorney Iliana Peters of law fi…DATABREACHTODAY.CO.UK
7 FebCISA: China’s Volt Typhoon Hackers Planning Critical Infrastructure DisruptionNew CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers. The post CISA: China’s Volt Typhoon Hackers Planning Critical Infrastructure Disruption appeared first on SecurityWeek .SECURITYWEEK.COM
🔥 INCIDENT REPORTING 16[−]
7 FebMortgage Industry Attack Spree Punctuates Common ErrorsFinancial services organizations, including mortgage industry firms, are vulnerable to cyberattacks due to the critical functions they perform, the funding they handle, and the sensitive information they manage.CYBERSECURITYDIVE.COM
7 FebData Breach at French Healthcare Services Firm Viamedis Puts Millions at RiskViamedis, a French healthcare services firm, suffered a cyberattack exposing the sensitive data of policyholders and healthcare professionals, leading to disruptions in healthcare services.BLEEPINGCOMPUTER.COM
7 FebPaying Ransoms is Becoming a Cost of Doing Business for ManyCompanies are bracing for a significant increase in cyber threats in 2024, with 96% of respondents expecting the threat of cyberattacks to their industry to rise, and 71% predicting an increase of more than 50%, according to Cohesity.HELPNETSECURITY.COM
7 FebHow to Fight Long-Game Social Engineering AttacksSophisticated cybercriminals are playing the long game. Unlike the typical hit-and-run cyber attacks, they build trust before laying their traps. They create a story so believable and intertwined with trust that even the most careful individuals can get caught in a trap set over …KNOWBE4.COM
7 FebRansomware payments reached record $1.1 billion in 2023Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. [...]BLEEPINGCOMPUTER.COM
7 FebINTERPOL Uncovers 1,300+ Servers Used as Launchpads For Cyber AttacksA recent massive operation by INTERPOL, which happens to be the biggest international police organization in the world, has successfully targeted the underlying infrastructure behind malicious activities such as phishing, malware, and ransomware attacks. The operation is a signif…GBHACKERS.COM
7 FebHow to Apply Zero Trust to your Active DirectoryWith cyberattacks happening everyday, how can we apply zero trust principles towards keeping our Active Directory secure? Learn more from Specops Software on how to apply zero trust principles. [...]BLEEPINGCOMPUTER.COM
7 FebMedical Center Fined $4.75M in Insider ID Theft IncidentThe incident revealed data security failures and led to a corrective action plan, including a thorough security risk analysis and implementation of audit controls, to address vulnerabilities and improve patient information protection.BANKINFOSECURITY.COM
7 FebHoles Appear in Internet-Connected Toothbrush Botnet WarningDon't Brush in Fear, as Supposed DDoS Dental Trauma Fails to Pass Muster Breathless reports claim 3 million IoT toothbrushes have been remotely compromised and used to target unsuspecting businesses via distributed denial-of-service attacks. Just one problem: This story has more …DATABREACHTODAY.CO.UK
7 FebThe unlikely 3 million electric toothbrush DDoS attackA widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. [...]BLEEPINGCOMPUTER.COM
7 FebMalware-as-a-Service Now the Top Threat to OrganizationsMalware-as-a-Service (MaaS) infections and Ransomware-as-a-Service (RaaS) attacks were the predominant cybersecurity threats in the second half of 2023, posing a significant danger to organizations, according to a new Darktrace report.INFOSECURITY-MAGAZINE.COM
7 FebNo, 3 million electric toothbrushes were not used in a DDoS attackA widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. [...]BLEEPINGCOMPUTER.COM
7 FebVerizon Says Data Breach Impacted 63,000 EmployeesVerizon is notifying 63,206 employees that their personal information was exposed in an internal data breach. The post Verizon Says Data Breach Impacted 63,000 Employees appeared first on SecurityWeek .SECURITYWEEK.COM
7 FebChina-backed Volt Typhoon hackers have lurked inside US critical infrastructure for ‘at least five years’China-backed hackers have maintained access to American critical infrastructure for “at least five years” with the long-term goal of launching “destructive” cyberattacks, a coalition of U.S. intelligence agencies warned on Wednesday. Volt Typhoon, a state-sponsored group of…TECHCRUNCH.COM
7 FebRecord-Breaking Ransomware Profits Surpassed $1B in 2023Ongoing Innovation and Sophistication Drive Unparalleled Profits Attackers wielding ransomware collectively earned over $1 billion last year - breaking previous records. Their increasingly sophisticated attacks targeted "high-profile institutions and critical infrastructure, incl…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 20[−]
7 Febapk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.submitted by L4s to secops 1 points | 0 comments https://github.com/ax/apk.sh apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.::apk.sh makes reverse engineering Android apps easier, auto…GITHUB.COM
7 FebMeta Says It Will Label AI-Generated Images on Facebook and InstagramFacebook and Instagram users will start seeing labels on AI-generated images that appear on their social media feeds, as the tech industry aims to sort between what’s real and not. The post Meta Says It Will Label AI-Generated Images on Facebook and Instagram appeared first on Se…SECURITYWEEK.COM
7 FebISC Stormcast For Wednesday, February 7th, 2024 https://isc.sans.edu/podcastdetail/8842, (Wed, Feb 7th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
7 FebResearchers Uncover DiceLoader Malware Used to Attack Corporate BusinessAn intrusion set called FIN7 has been known to be operating since 2015 and is composed of Russian-speaking members. This threat group also pretends to be a company that recruits IT experts to hide their illegal activities. Targets of this threat group include retail, hospit…GBHACKERS.COM
7 FebBrief – Back to Basics: For Better Security, Bank on Function Over FormBrief – Back to Basics: For Better Security, Bank on Function Over Form The post Brief – Back to Basics: For Better Security, Bank on Function Over Form appeared first on Security Intelligence .SECURITYINTELLIGENCE.COM
7 FebHarnessing the Power of AI in Cybersecurity — Predictions and SolutionsDiscover how AI in cybersecurity reshapes careers. Explore near-term predictions, medium-term impacts and long-term visions with insights from Chris Scott. The post Harnessing the Power of AI in Cybersecurity — Predictions and Solutions appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
7 FebWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 1 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
7 FebChinese hackers fail to rebuild botnet after FBI takedownChinese Volt Typhoon state hackers failed to revive a botnet recently taken down by the FBI, which was previously used in attacks targeting critical infrastructure across the United States. [...]BLEEPINGCOMPUTER.COM
7 FebThree million malware-infected smart toothbrushes used in Swiss DDoS attacks — botnet causes millions of euros in damagessubmitted by oh_gosh_its_osh to cybersecurity 6 points | 0 comments https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages Fear them tooth brushes.TOMSHARDWARE.COM
7 FebDevice Authority Raises $7M for Enterprise IoT Identity and Access Management PlatformDevice Authority raises $7 million in a Series A funding round for its enterprise identity and access management for IoT solution. The post Device Authority Raises $7M for Enterprise IoT Identity and Access Management Platform appeared first on SecurityWeek .SECURITYWEEK.COM
7 FebCybersecurity M&A Roundup: 34 Deals Announced in January 2024Thirty-four cybersecurity-related merger and acquisition (M&A) deals were announced in January 2024. The post Cybersecurity M&A Roundup: 34 Deals Announced in January 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
7 FebFortinet Patches Critical Vulnerabilities in FortiSIEMTwo critical OS command injection flaws in FortiSIEM could allow remote attackers to execute arbitrary code. The post Fortinet Patches Critical Vulnerabilities in FortiSIEM appeared first on SecurityWeek .SECURITYWEEK.COM
7 FebClosing The Supply Chain Visibility Gap - Dr. Olga Livingston - BTS #23Short of ripping everything apart (hardware and software) and inspecting the components, which is very time-consuming, how do we solve the visibility gap in various supply chains? Dr. Olga Livingston from DARPA joins us to discuss! This segment is sponsored by Eclypsium. Visit ht…YOUTUBE.COM
7 FebDHS Is Recruiting Techies for the AI CorpsThe Agency Plans to Hire 50 AI Experts This Year The U.S. Department of Homeland Security is recruiting dozens of artificial intelligence experts to integrate AI abilities into government work such as defending against cyberthreats and using AI-powered computer vision to assess d…DATABREACHTODAY.CO.UK
7 FebGoogle Settles Google+ API Data Leak Lawsuit for $350MPlaintiffs Alleged Google Sought to Cover Up API Flaw That Exposed Private Data Silicon Valley giant Google agreed to settle for $350 million a shareholder lawsuit alleging it mislead investors by attempting to cover up a privacy flaw in now-defunct social network Google+ that re…DATABREACHTODAY.CO.UK
7 FebYou Can’t Defend What You Can’t Define with Sergey Bratus, DARPA Program ManagerYou Can’t Defend What You Can’t Define with Sergey Bratus, DARPA Program Manager, Information Innovation Office at DARPA – PSW #816860 As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research co…YOUTUBE.COM
7 FebEntrust in Talks to Acquire Onfido for AI-Based ID ChecksAcquisition Would Support Entrust's Digital Identity Security Portfolio Entrust, a pioneer payment, identity and data security software and services provider, is in talks to acquire Onfido, a pioneer in cloud-based, AI-powered identity verification technology, for a reported $400…DATABREACHTODAY.CO.UK
7 FebJetBrains Patches Authentication Bypass Flaw in TeamCityShadowserver Foundation Found Approximately 2,000 Exposed JetBrains Servers Software developers are in a race against time to patch a flaw that could result in supply chain attacks, warned the integrated development environment maker JetBrains, which on Monday released an urgent …DATABREACHTODAY.CO.UK
7 FebMeta Is Being Urged to Crack Down on UK Payment ScamsBanking Fraud Heads Say Facebook Marketplace Is Teeming With Scammers Meta-owned online marketplaces are swarming with scammers who use deceptive ads to defraud banking customers, fraud prevention heads at leading British banks testified before a U.K. Parliament committee. They c…DATABREACHTODAY.CO.UK
7 FebTo BEC or Not to BEC: How to Approach New Email Authentication RequirementsOnDemand | The Tools & Technology You Need to Meet Google/Yahoo Email Authentication Requirements Our email authentication experts will be on hand to provide their insight and a demonstration of how exactly Proofpoint Email Fraud Defense can help identify and close requirement ga…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 5[−]
7 FebUK and France Assemble Diplomats for International Agreement on SpywareThe United Kingdom and France are co-hosting a diplomatic conference in London to address the proliferation of commercial cyber intrusion tools. The conference will include 35 nations, big tech leaders, legal experts, and human rights defenders.THERECORD.MEDIA
7 FebGlobal Coalition and Tech Giants Unite Against Commercial Spyware AbuseA coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the …THEHACKERNEWS.COM
7 FebAttack Surface Management Platform Ionix Adds Another $15M to its $27M Series A RoundIonix (formerly Cyberpion) secured an additional $15 million in funding, bringing its total funding to $50.3 million. The company offers a platform to help enterprises manage their security posture and software supply chain across various platforms.TECHCRUNCH.COM
7 FebFacebook ads push new Ov3r_Stealer password-stealing malwareA new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. [...]BLEEPINGCOMPUTER.COM
🎙️ PODCASTS 2[−]
7 FebCyber Security Today, Feb. 7, 2024 - Deepfake video costs company US$25 millionThis episode reports on a sophisticated scam that cost a company big money, and moreCYBERSECURITYTODAY.LIBSYN.COM
7 FebTransatlantic Cable podcast episode 333 | Kaspersky official blogpisode 333 of the Kaspersky podcast looks at deepfake photo IDs, Taylor Swift, Valhiem Discord mayhem and Interpol busts.KASPERSKY.COM
📡 INFOSEC NEWS 22[−]
7 FebBusinesses Banning or Limiting Use of GenAI Over Privacy RisksBoth consumers and businesses prioritize transparency in data usage, with businesses recognizing the importance of external privacy certifications in building consumer trust and loyalty.HELPNETSECURITY.COM
7 FebNew Webinar: 5 Steps to vCISO Success for MSPs and MSSPs2024 will be the year of the vCISO. An incredible 45% of MSPs and MSSPs are planning to start offering vCISO services in 2024. As an MSP/MSSP providing vCISO services, you own the organization’s cybersecurity infrastructure and strategy. But you also need to position yo…THEHACKERNEWS.COM
7 FebZeroFox to go private in $350M acquisition by Haveli InvestmentsThe acquisition, which has been approved by ZeroFox's Board of Directors, is expected to close in the first half of 2024. After the acquisition, ZeroFox will transition from a public entity to a privately held company.IN.INVESTING.COM
7 FebWhat kind of education does a cybersecurity specialist need? | Kaspersky official blogWhat kind of education does a cybersecurity specialist need: formal or “additional”?KASPERSKY.COM
7 FebSpoutible API Exposed Encrypted Password Reset Tokens, 2FA Secrets of UsersThe social media platform Spoutible had a publicly exposed API that allowed hackers to scrape sensitive user information, including hashed passwords, authentication seeds, and password reset tokens.HELPNETSECURITY.COM
7 FebLinux Foundation Announces Post-Quantum Cryptography AllianceThe Post-Quantum Cryptography Alliance aims to drive the adoption of post-quantum cryptography to address security risks posed by quantum computing, with support from industry leaders like Google, IBM, Amazon Web Services, and Cisco.TECHTARGET.COM
7 FebEndpoint security startup NinjaOne lands $231.5M at $1.9B valuationJust two years ago, VC funding to cybersecurity startups was on fire. $23 billion flooded the sector, per Crunchbase. But in 2023, cybersecurity upstarts only saw a third of that — the result of the exceptional surge in 2021, bloated valuations and investors wary of market …TECHCRUNCH.COM
7 FebThree Ways to Achieve Crypto Agility in a Post-Quantum WorldCrypto agility, including the ability to rapidly switch between certificate authorities and encryption standards, is essential for securing digital infrastructure in today's automated operational environment.HELPNETSECURITY.COM
7 FebCritical Bugs in Canon Printers Allow Code Execution, DDoSCanon has patched critical buffer-overflow bugs in its printers that could allow attackers to remotely perform denial of service or execute arbitrary code, emphasizing the importance of promptly updating firmware.DARKREADING.COM
7 FebAre Cybersecurity Performance Measures Realistic?The GAO urged the White House to establish performance measures for federal cybersecurity initiatives, but the ONCD pushed back, citing the difficulty of developing outcome-oriented measures and estimating implementation costs.BANKINFOSECURITY.COM
7 FebReport: Two Million Brits Victims of Financial Identity FraudNearly two million people in the UK may have had their identity stolen and used by fraudsters to open a financial account in 2023, according to FICO’s new Fraud, Identity and Digital Banking Report.INFOSECURITY-MAGAZINE.COM
7 FebAnybody knows that this URL is about? Maybe Balena API request?, (Wed, Feb 7th)Yesterday, I noticed a new URL in our honeypots: /v5/device/heartbeat. But I have no idea what this URL may be associated with. Based on some googleing, I came across Balena, a platform to manage IoT devices [1]. Does anybody have any experience with this software and k…ISC.SANS.EDU
7 FebCritical Cisco bug exposes Expressway gateways to CSRF attacksCisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. [...]BLEEPINGCOMPUTER.COM
7 FebSophos named a Leader in the 2024 IDC MarketScape for Worldwide Modern Endpoint Security for Midsize BusinessesThe IDC MarketScape study evaluates endpoint security vendors' prevention, EDR, and MDR capabilities and business strategies.SOPHOS.COM
7 FebGoogle tests blocking side-loaded Android apps with risky permissionsGoogle has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. [...]BLEEPINGCOMPUTER.COM
7 FebDenmark orders schools to stop sending student data to GoogleThe Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. [...]BLEEPINGCOMPUTER.COM
7 FebA Deepfake Scammed a Bank out of $25M — Now What?A finance worker in Hong Kong was tricked by a deepfake video conference. The future of defending against deepfakes is as much as human challenge as a technological one.TRENDMICRO.COM
7 FebThe toothbrush DDoS attack: How misinformation spreads in the cybersecurity worldNo, three million smart toothbrushes didn't launch a DDoS attack against a Swiss company.GRAHAMCLULEY.COM