123Articles
9Categories
2024-02-14Date
🚨 CISA KEV 1[−]
14 Feb KEVThreat Actor Leverages Compromised Account of Former Employee to Access State Government OrganizationSUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user info…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
14 FebUrgent Patches Available for QNAP Vulnerabilities, One Zero-DayThe vulnerabilities, CVE-2023-50358 and CVE-2023-47218, are command injection flaws in the QTS firmware, with potential for remote code execution, impacting a large number of devices globally.THEREGISTER.COM
14 FebDarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day VulnerabilityA newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late D…THEHACKERNEWS.COM
14 FebWindows Zero-Day Exploited in Attacks on Financial Market TradersCVE-2024-21412, one of the security bypass zero-days fixed by Microsoft with Patch Tuesday updates, exploited by Water Hydra (DarkCasino). The post Windows Zero-Day Exploited in Attacks on Financial Market Traders appeared first on SecurityWeek .SECURITYWEEK.COM
14 FebNation-state threat actors using LLMs to boost cyber operationsNation-state groups Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon are using large language models (LLMs) to improve and expand their criminal activities, according to findings from Microsoft Threat Intelligence Cyber Signals 2024, done in…CSOONLINE.COM
14 FebAttackers Exploit Microsoft Security-Bypass Zero-Day BugsOne of the zero-days, CVE-2024-21412, allows attackers to bypass security features and deploy malware. The other zero-day, CVE-2024-21351, enables attackers to bypass SmartScreen protections and potentially gain remote code execution capabilities.DARKREADING.COM
14 FebQNAP vulnerability disclosure ends up an utter shamblessubmitted by c0mmando to netsec 2 points | 1 comments https://www.theregister.com/2024/02/13/qnap_latest_vulnerabilities/ Network-attached storage (NAS) specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early Novemb…THEREGISTER.COM
14 FebDNSSEC vulnerability puts big chunk of the internet at risksubmitted by c0mmando to netsec 2 points | 1 comments https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ A single packet can exhaust the processing capacity of a vulnerable DNS server, effectively disabling the machine, by exploiting a 20-plus-year-old design f…THEREGISTER.COM
⚠️ VULNERABILITY DISCLOSURE 33[−]
14 FebFebruary’s Patch Tuesday treats customers to 72 patchesTwo issues under active exploit in the wild headline fixes across 13 product groupsSOPHOS.COM
14 FebMore Signs of a Qakbot ResurgenceQakbot Wouldn't Be the First Trojan to Come Back After a Takedown Takedowns aren't always forever in cyberspace. Months after a U.S. law enforcement operation dismantled the notorious Qakbot botnet, security researchers said signs are pointing to a resurgence. Someone with access…DATABREACHTODAY.CO.UK
14 FebGlobal Malicious Activity Targeting Elections is SkyrocketingAccording to Resecurity, malicious cyber-activity has increased by 100% between 2023 and early 2024, with threat actors aiming to acquire and exploit voter data for potential propaganda campaigns and electoral interference.HELPNETSECURITY.COM
14 FebRaspberry Robin Worm Rides on New One-Day Flaws to Launch Stealthy AttacksCheck Point Research revealed a concerning trend in the tactics of the notorious malware, Raspberry Robin, indicating a transition towards purchasing exploits for swifter cyber assaults. Previously, the malware operators integrated exploits for year-old vulnerabilities but now pr…CYWARE.COM
14 FebSAP Patches Critical Vulnerability Exposing User, Business DataSAP patches a critical code-injection vulnerability in the SAP ABA (Application Basis) cross-application component. The post SAP Patches Critical Vulnerability Exposing User, Business Data appeared first on SecurityWeek .SECURITYWEEK.COM
14 FebMicrosoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-DaysMicrosoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rat…THEHACKERNEWS.COM
14 FebZLoader Now Attack 64-bit Windows: Live Analyse With ANY.RUN SandboxZLoader is a banking Trojan malware that steals sensitive financial information from infected systems. Threat actors exploit this malware to conduct a multitude of illicit activities. This malware is often distributed through phishing emails or malicious websites, allowing the th…GBHACKERS.COM
14 FebHackers paralyze battery maker Varta in cyberattackThe Varta Group was the target of a cyberattack on parts of its IT systems on the night of Feb. 12, the battery manufacturer has announced. Five production plants and the company’s administration were affected. “The IT systems and thus also production were proactively shut do…CSOONLINE.COM
14 FebRisky Business podcast #736 - Azure misconfigurations are 2024's looming threat - 53 minutessubmitted by ashar to security_cpe 4 points | 0 comments https://infosec.pub/pictrs/image/6be48ab1-fed2-4959-9e3c-105e1104a87e.png Risky Business podcast #736 - Azure misconfigurations are 2024’s looming threat In this week’s show Patrick Gray and Adam Boileau discuss the week’s …INFOSEC.PUB
14 FebCybersecurity Tactics FinServ Institutions Can Bank On in 2024The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard s…THEHACKERNEWS.COM
14 Feb20-Year-Old DNSSEC Vulnerability Puts Big Chunk of the Internet at RiskA 20-plus-year-old design flaw in the DNSSEC specification, named KeyTrap, can be exploited by a single packet to disable vulnerable DNS servers, affecting web clients and other applications relying on them.THEREGISTER.COM
14 FebKeyTrap DNS Attack Could Disable Large Parts of Internet: ResearchersPatches released for a new DNSSEC vulnerability named KeyTrap, described as the worst DNS attack ever discovered. The post KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers appeared first on SecurityWeek .SECURITYWEEK.COM
14 FebSoftware security debt piles up for organizations even as critical flaws dropWhile the prevalence of high-severity security flaws in applications has dropped significantly in the last few years, a large number of organizations still have critical security debt, according to a research by Veracode. The research is based on data collected from Veracode’s re…CSOONLINE.COM
14 FebUbuntu 'command-not-found' Tool Could Trick Users into Installing Rogue PackagesCybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool …THEHACKERNEWS.COM
14 FebCupid’s Arrow of Cyber ScamsValentine's Day. A time where love is in the air, florists work overtime, and restaurant tables are as scarce as a truthful politician. But as we're busy swiping right in hopes of finding that special someone, cybercriminals are swiping left...on your security. Heartbreak hits di…KNOWBE4.COM
14 FebZoom Patches Critical Vulnerability in Windows ApplicationsZoom patches seven vulnerabilities in its products, including a critical-severity bug in its Windows applications. The post Zoom Patches Critical Vulnerability in Windows Applications appeared first on SecurityWeek .SECURITYWEEK.COM
14 FebMore Signs of a Qakbot ResurgenceSecurity researchers have lately observed new builds and incremental changes to the malware, indicating that someone with access to its source code is experimenting with it.HEALTHCAREINFOSECURITY.COM
14 Feb13 Security Flaws in Adobe Acrobat & Reader Allows Remote Code ExecutionA critical security update for both Windows and macOS is available for Adobe Acrobat and Reader. Per Adobe, this update fixes serious vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory leaks. Document Live Account Takeover Attac…GBHACKERS.COM
14 FebAtlassian Vulnerability at Fault in GAO BreachThe Government Accountability Office (GAO) suffered a data breach affecting thousands of current and former employees, which was carried out through a vulnerability in the Atlassian Confluence workforce collaboration tool.CYBERSCOOP.COM
14 FebPrudential Financial Breached in Data Theft CyberattackThe company has reported the security breach to law enforcement and regulatory authorities and is conducting an ongoing investigation to assess the full impact of the incident.BLEEPINGCOMPUTER.COM
14 FebGerman battery maker Varta halts production after cyberattackBattery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. [...]BLEEPINGCOMPUTER.COM
14 FebMicrosoft Catches APTs Using ChatGPT for Vuln Research, Malware ScriptingMicrosoft threat hunters say foreign APTs are interacting with OpenAI’s ChatGPT to automate malicious vulnerability research, target reconnaissance and malware creation tasks. The post Microsoft Catches APTs Using ChatGPT for Vuln Research, Malware Scripting appeared first on Sec…SECURITYWEEK.COM
14 FebIs Ransomware Finally in Decline? Groups Are 'Struggling'Researchers See Waning Mystique, Use of Ghost Groups, Breach Tricks, Trauma of War While overall ransomware profits might remain high, many of the remaining or rebooted top-tier groups are "really struggling" with scarce talent, trauma from the Russia-Ukraine war and repeated dis…DATABREACHTODAY.CO.UK
14 FebMicrosoft: New critical Outlook RCE bug exploited as zero-dayMicrosoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday. [...]BLEEPINGCOMPUTER.COM
14 FebZoom patches critical privilege elevation flaw in Windows appsThe Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. [...]BLEEPINGCOMPUTER.COM
14 FebSurge in “hunter-killer” malware poses significant challenge to security teamsThreat actors have stepped up their efforts over the last year to launch attacks aimed at disabling enterprise defenses, according to the annual Red Report released Tuesday by Picus Security. The findings demonstrate a drastic shift in adversaries’ ability to identify and neutral…CSOONLINE.COM
14 FebAttack campaign targeting Azure environments compromised hundreds of accountsSecurity researchers warn that an ongoing cloud account takeover campaign has impacted dozens of Microsoft Azure environments owned by organizations from around the world. The attackers have compromised hundreds of accounts since late November 2023 including managers and senior e…CSOONLINE.COM
14 FebVisibility, alarm fatigue top remediation concerns in cloud securityStriking a balance between sufficient visibility into cloud computing environments and the potential for an overdose of false positives and duplicate alerts is the key challenge facing cloud security professionals, according to the State of Security Remediation report from the Cl…CSOONLINE.COM
14 FebNew critical Microsoft Outlook RCE bug is trivial to exploitMicrosoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View. [...]BLEEPINGCOMPUTER.COM
14 FebMicrosoft: New critical Exchange bug exploited as zero-dayMicrosoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. [...]BLEEPINGCOMPUTER.COM
14 FebEncryption Vital For Right to Privacy, European Court RulesCourt of Human Rights Ruling Challenges Russian Data Interception in Telegram Case A European court has sided with a Russian petitioner who challenged a Kremlin rule that requires telecom firms to backdoor their servers for law enforcement data collection. The court found that en…DATABREACHTODAY.CO.UK
📋 SECURITY BULLETINS 2[−]
14 FebCyber Security Today, Feb. 14, 2024 - Get cracking on Patch Tuesday fixesThis episode reports on the latest patches released by major IT companies, and moreCYBERSECURITYTODAY.LIBSYN.COM
14 FebChipmaker Patch Tuesday: AMD and Intel Patch Over 100 VulnerabilitiesAMD and Intel patch dozens of vulnerabilities on February 2024 Patch Tuesday, including multiple high-severity bugs. The post Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 20[−]
14 FebEurope's AI Act Poised To Become Law After Committees VoteACt Will Require Developers to Allows A Copyright Holder Opt Out Two key European Parliament committees accepted a political compromise set to govern how trading bloc countries develop and deploy artificial intelligence. The regulation is set to become the globe's first comprehen…DATABREACHTODAY.CO.UK
14 FebThey're Back? HHS OCR Is Eyeing the Return of HIPAA AuditsThe Agency Is Surveying Previous Auditees to Reassess the Dormant Program As U.S. federal regulators fine-tune a strategy to push the healthcare sector into a stronger cybersecurity posture, they appear to be dusting off a HIPAA compliance audit program that's been dormant for th…DATABREACHTODAY.CO.UK
14 Feb KEVWill generative AI kill KYC authentication?For decades, the financial sector and other industries have relied on an authentication mechanism dubbed “know your customer” (KYC), a process that confirms a person’s identity when opening account and then periodically confirming that identity overtime. KYC typically invol…CSOONLINE.COM
14 FebImproving the Cryptanalysis of Lattice-Based Public-Key AlgorithmsThe winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algori…SCHNEIER.COM
14 FebNIST Celebrates National Entrepreneurship WeekWhat is National Entrepreneurship (NatlEshipWeek) Week? Celebrated February 10-17, 2024, “NatlEshipWeek is a congressionally chartered week dedicated to empowering entrepreneurship across the United States. The annual initiative was relaunched in 2017 as NatlEshipWeek to bring to…NIST.GOV
14 FebAI in Cyberspace: A Double-Edged SwordThe UK's National Cyber Security Centre (NCSC), recently shared its findings on how AI might reshape the cyber landscape. In two separate posts, the NCSC is warning that the global ransomware threat is expected to rise with AI .KNOWBE4.COM
14 FebPrudential Financial Discloses Data BreachPrudential Financial says administrative and user data was compromised in a cyberattack earlier this month. The post Prudential Financial Discloses Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
14 FebThey're Back: HHS OCR Plans to Resurrect Random HIPAA AuditsAgency Is Surveying Previous Auditees to Reassess Dormant Audit Program As U.S. federal regulators fine-tune a strategy to push the healthcare sector into a stronger cybersecurity posture, they are also dusting off a HIPAA compliance audit program that's been dormant for the last…DATABREACHTODAY.CO.UK
14 FebFrance Uncovers Russian Disinformation Campaign'Portal Kombat' Is an Automated Pro-Russian Propaganda Network The French Ministry for Europe and Foreign Affairs accused Russia of running a disinformation campaign targeting Kyiv's Western allies ahead of the second anniversary of Moscow's invasion of Ukraine. The Russian appro…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 18[−]
14 FebResponsible Use of Artificial IntelligenceA Practical Guide for Cybersecurity Professionals Beyond the hype, AI is transforming cybersecurity by automating threat detection, streamlining incident response and predicting attacker behaviors. Organizations are increasingly deploying AI to protect their data, stay ahead of c…DATABREACHTODAY.CO.UK
14 FebDOD Notifying People Who May be Impacted by a Year-Old Data BreachThe breach occurred from February 3, 2023, through February 20, 2023, and involved email messages containing personally identifiable information (PII) associated with individuals supporting or seeking employment with the DOD.DEFENSESCOOP.COM
14 FebIranian Cyberattacks Targeting U.S. and Israeli EntitiesIranian state-backed actors have consistently targeted the U.S. and Israel with cyberattacks, including destructive malware and influence campaigns, before and after the Israel-Hamas war.TECHTARGET.COM
14 FebUpdate: Southern Water Notifies Customers and Employees of Data BreachThe company plans to notify 5-10% of its customer base, potentially affecting 230,000 to 460,000 people. The breach, attributed to the Black Basta ransomware group, led to the theft of data from a limited part of the company's server estate.INFOSECURITY-MAGAZINE.COM
14 FebIntegris Health Says Data Breach Impacts 2.4 Million PatientsThe breach involved sensitive details such as full names, dates of birth, contact information, and Social Security Numbers. The threat actor demanded a ransom and threatened to sell the stolen data if their demands were not met.BLEEPINGCOMPUTER.COM
14 FebAlbanian Authorities Accuse Iranian-Backed Hackers of Cyberattack on Institute of StatisticsAlbania’s cybersecurity authorities have accused a hacker group “sponsored” by the Iranian government of attacking the country’s Institute of Statistics earlier this month. The post Albanian Authorities Accuse Iranian-Backed Hackers of Cyberattack on Institute of Statistics appea…SECURITYWEEK.COM
14 FebUS military notifies 20,000 of data breach after cloud email leakThe U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency —…TECHCRUNCH.COM
14 FebAnother Ransomware-as-a-Service Known as “Wing” Takes Flight on the Dark WebAnalysis of this newly-spotted service makes it clear that the newest entrant into the Ransomware-as-a-Service (RaaS) space has taken note of where predecessors are lacking and launched a better product.KNOWBE4.COM
14 FebMicrosoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for CyberattacksNation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. The findings come from a report published by Microsoft in collaborati…THEHACKERNEWS.COM
14 FebPrudential Financial Discloses Data BreachPACKETSTORMSECURITY.COM
14 FebTrans-Northern Pipelines investigating ALPHV ransomware attack claimsTrans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. [...]BLEEPINGCOMPUTER.COM
14 FebUK utility giant Southern Water says hackers stole personal data of hundreds of thousands of customersU.K.-based water utility Southern Water has confirmed that hackers stole the personal data of as many as 470,000 customers in a recent data breach. Southern Water, which provides water and wastewater services to millions of people across the South East of England, said in a state…TECHCRUNCH.COM
14 FebSouth Korea Says Presumed North Korean Hackers Breached Personal Emails of Presidential StafferSouth Korean President Yoon Suk Yeol’s office said presumed North Korean hackers breached the personal emails of one of his staff members. The post South Korea Says Presumed North Korean Hackers Breached Personal Emails of Presidential Staffer appeared first on SecurityWeek .SECURITYWEEK.COM
14 FebLockBit claims ransomware attack on Fulton County, GeorgiaThe LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. [...]BLEEPINGCOMPUTER.COM
14 FebNavigating the Cybersecurity Frontier: Insights from a Seasoned Professional - Toby Mi... - PSW #817Welcome to a riveting episode of Hacker Heroes, where we sit down with Toby Miller, a distinguished figure in the realm of cybersecurity. Toby brings a wealth of experience and a passion for fortifying digital landscapes against ever-evolving threats. Armed with a profound unders…YOUTUBE.COM
14 FebHackers Try to Extort $50 From Child, 2 Million More at RiskOklahoma Integris Health Facing Multiple Lawsuits in 2023 Breach An Oklahoma-based healthcare system is notifying 2.4 million individuals that their sensitive information was potentially compromised in an exfiltration incident last year. Cybercriminals have been attempting to ext…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 19[−]
14 FebUSPTO: AI Can Assist Inventors But Can't Hold PatentsHumans Must Show Significant Role in AI-Assisted Cases for Inventor Label The U.S. federal patent authority aims to provide clarity on how it will analyze inventions. Only humans can be named in single-person patents, and at least one human must be labelled as the inventor of any…DATABREACHTODAY.CO.UK
14 FebGenerative AI and the Brave New World of WorkCyberEd.io's Steve King on How Gen AI Will Disrupt and Transform Careers Generative AI is both the villain in the tale of job displacement and the hero ushering in a new era of enhanced job roles and opportunities. Steve King of CyberEd.io discusses how gen AI will make your care…DATABREACHTODAY.CO.UK
14 FebFinancial Institutions Embrace Cyber Fusion Centers for Unified Approach to Evolving RisksCyber Fusion Centers (CFCs) enable threat intelligence operationalization, information sharing, and automation of threat response, providing a unified and efficient approach to cybersecurity in the financial sector.FINEXTRA.COM
14 FebTech Companies Plan to Sign Accord to Combat AI-Generated Election TrickeryMajor technology companies are planning to sign an agreement this week that would guide how they try to put a stop to the use of AI tools to disrupt democratic elections. The post Tech Companies Plan to Sign Accord to Combat AI-Generated Election Trickery appeared first on Securi…SECURITYWEEK.COM
14 FebISC Stormcast For Wednesday, February 14th, 2024 https://isc.sans.edu/podcastdetail/8852, (Wed, Feb 14th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
14 FebAlert! 333% Surge in Hunter-Killer Malware that Bypasses Network Security ControlsHunter-Killer is a sophisticated type of malware primarily designed to actively seek out and neutralize other malware present on a system. It operates by identifying and removing competing threats that potentially pose a serious risk to the security and privacy of affected system…GBHACKERS.COM
14 FebBeyond the Hype: Questioning FUD in Cybersecurity MarketingCould cybersecurity professionals benefit from FUD awareness training in the same way that users benefit from phishing awareness training? The post Beyond the Hype: Questioning FUD in Cybersecurity Marketing appeared first on SecurityWeek .SECURITYWEEK.COM
14 FebWho’s the Boss? Teaming up with AI in Security“AI’s Impact in Cybersecurity” is a blog series based on interviews with a variety of experts at Palo Alto Networks and Unit 42, with roles in AI research, product management, consulting, engineering … The post Who’s the Boss? Teaming up with AI in Security appeared first o…PALOALTONETWORKS.COM
14 FebKubernetes Security Firm KTrust Emerges From Stealth With $5.3M in FundingIsrael-based Kubernetes security firm KTrust emerges from stealth mode with $5.3 million in seed funding from VC Awz Ventures. The post Kubernetes Security Firm KTrust Emerges From Stealth With $5.3M in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
14 FebSnap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion Systemsubmitted by L4s to secops 1 points | 0 comments https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/ Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System::Aqua Nautilus researchers have identified a security issue…AQUASEC.COM
14 FebUpcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote at a symposium on “AI and Trust” at Generative AI, Free Speech, & Public Discours…SCHNEIER.COM
14 FebHow to Analyze the MITRE Engenuity ATT&CK® Evaluations: EnterpriseThorough, independent tests are vital as cybersecurity leaders and their teams evaluate vendors’ abilities to guard against increasingly sophisticated threats to their organizations. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evalu…GBHACKERS.COM
14 FebBMW security lapse exposed sensitive company information, researcher findsA misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he disco…TECHCRUNCH.COM
14 FebAsset Management Firm Armis Acquires Honeypot Maker CTCIDeal Between Private Companies Is Worth About $20 Million Venture-capital owned Armis, a firm that touts its ability to prepare companies for attacks before they materialize, acquired cybersecurity startup CTCI in a transaction approaching $20 million. Armis will merge CTCI emplo…DATABREACHTODAY.CO.UK
14 FebNorth Korean Hackers Target South Korean President's OfficeAttackers Accessed Details of State Visits to UK, France in Private Email Account The South Korean President's Office told local media Tuesday that suspected North Korean hackers had targeted the private email account of an official in November ahead of the president's state visi…DATABREACHTODAY.CO.UK
14 FebPanel: Physical Security and Social Engineering - PSW #817In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical securit…YOUTUBE.COM
14 FebStaying ahead of threat actors in the age of AIMicrosoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. The observed activity includes prompt-injection…MICROSOFT.COM
14 FebCyber Signals: Navigating cyberthreats and strengthening defenses in the era of AIToday we released the sixth edition of Cyber Signals, spotlighting the remarkable interest and impact driven by AI on the cybersecurity landscape. This includes new, joint threat intelligence Microsoft is sharing with our OpenAI partners, detailing how we are protecting AI platfo…MICROSOFT.COM
14 FebNews alert: DigiCert taps tenured tech execs Jugnu Bhatia as its new CFO, Dave Packer as CROLehi, Utah – Feb. 14, 2024 – DigiCert, a leading global provider of digital trust, today announced new additions to its executive leadership team with the appointments of Jugnu Bhatia as Chief Financial Officer (CFO) and Dave Packer as Chief … (more…)LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
14 FebReport: Stealthy “Hunter-Killer” Malware Detections Surge 333% AnnuallyDefenders must adopt a proactive approach, employing multiple security controls with a defense-in-depth strategy to detect and mitigate the impact of stealth-oriented "hunter-killer" malware.INFOSECURITY-MAGAZINE.COM
14 FebBumblebee Malware Returns with New Tricks, Targeting U.S. BusinessesThe infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with …THEHACKERNEWS.COM
14 FebUbuntu 'command-not-found' tool can be abused to spread malwareA logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. [...]BLEEPINGCOMPUTER.COM
14 FebThe art of digital sleuthing: How digital forensics unlocks the truthLearn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tellWELIVESECURITY.COM
📡 INFOSEC NEWS 19[−]
14 FebSophos MDR and Sophos XDR now integrate with VeeamDetect and stop threats targeting business-critical backup data.SOPHOS.COM
14 FebSophos achieves inaugural ISO 27001:2022 certificationSophos’ latest certification triumph unlocks further excellence.SOPHOS.COM
14 FebHackers Steal $290 Million in Crypto From PlayDapp Gaming PlatformPlayDapp offered a $1 million reward to the hacker for returning the stolen contracts and assets, but the hackers continued to mint more tokens, leading to the suspension of PLA trading and efforts to freeze the hacker's wallets on exchanges.BLEEPINGCOMPUTER.COM
14 FebKTrust launches an automated red team for Kubernetes securityKTrust, a Tel Aviv-based security startup, is taking a different approach to Kubernetes security from many of its competitors in the space. Instead of only scanning Kubernetes clusters and their configurations for known vulnerabilities, KTrust is taking a more proactive approach.…TECHCRUNCH.COM
14 FebBoise State Pilot Program Aims to Boost Cybersecurity by Pairing Students With Local InstitutionsThe Cyberdome initiative at Boise State University is helping to address the shortage of cybersecurity talent in rural areas by providing hands-on work experience to students and cybersecurity services to organizations in need.THERECORD.MEDIA
14 FebSecure AI usage both at home and at work | Kaspersky official blogWhich AI assistants and tools are insecure, and how to use LLMs without risking your data.KASPERSKY.COM
14 FebDuckDuckGo browser gets end-to-end encrypted sync featureThe DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. [...]BLEEPINGCOMPUTER.COM
14 FebU.S. Internet Leaked Years of Internal, Customer EmailsThe Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Inte…KREBSONSECURITY.COM
14 FebCyber Risk Management: Bring Security to the BoardroomDiscover how to strategically present security controls to the board to better manage cyber risk.TRENDMICRO.COM
14 FebMicrosoft Exchange update enables Extended Protection by defaultMicrosoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14). [...]BLEEPINGCOMPUTER.COM
14 FebSee me speak at webinar about data security for financial servicesJoin me and Metomic CEO Richard Vibert for a discussion about some of the cybersecurity challenges faced by the financial services industry, and how you can best protect your organisations. Sign up now for the free event on February 29 2024.GRAHAMCLULEY.COM