95Articles
10Categories
2024-04-04Date
🚨 CISA KEV 1[−]
4 Apr KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-29745 Android Pixel Information Disclosure Vulnerability CVE-2024-29748 Android Pixel Privilege Escalation Vulnerability These types of…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
4 AprIvanti Rushes Patches for 4 New Flaw in Connect Secure and Policy SecureIvanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows - CVE-2024-21894 (CVSS score: 8.2) - A heap overflow vulne…THEHACKERNEWS.COM
4 AprGoogle Fixed Another Chrome Zero-Day Exploited at Pwn2OwnThe vulnerability CVE-2024-3159 is an out-of-bounds memory access in the V8 JavaScript engine. The flaw was demonstrated by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks during the Pwn2Own 2024 on March 22, 2024.SECURITYAFFAIRS.COM
4 AprIvanti Releases Security Update for Ivanti Connect Secure and Policy Secure GatewaysIvanti has released security updates to address vulnerabilities in all supported versions (9.x and 22.x) of Ivanti Connect Secure and Policy Secure gateways. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.  Users an…CISA.GOV
4 AprXZ - Backdoors and The Fragile Supply Chain - PSW #823As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. * https://blog.qualys.com/vulnerabilities-threat-research/20…YOUTUBE.COM
4 AprGetting Vulnerability Management Back on the Rails - Patrick Garrity - ESW #356NVD checked out, then they came back? Maybe? Should the xz backdoor be treated as a vulnerability? Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats? What were some of the takeaways from the first-ever VulnCon? EPSS is featured in over…YOUTUBE.COM
4 AprChromium: CVE-2024-3156 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
4 AprChromium: CVE-2024-3158 Use after free in BookmarksThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
4 AprChromium: CVE-2024-3159 Out of bounds memory access in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
4 AprGoogle patches critical vulnerability for Androids with Qualcomm chipssubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.malwarebytes.com/blog/news/2024/04/google-patches-critical-vulnerability-for-androids-with-qualcomm-chipsMALWAREBYTES.COM
4 AprChinese APT group deploys defense-evading tactics with new UNAPIMON backdoorA prolific Chinese cyberespionage group known in the security industry as APT41 was recently seen deploying a new backdoor program called UNAPIMON that uses a sophisticated technique to prevent its child processes from being monitored by security products. “Looking at the behavio…CSOONLINE.COM
4 AprGesture Jacking – New Attack That Deceives Website VisitorsThe Web Platform is incredibly powerful, but regrettably, malicious websites will do all in their capacity to misuse it. To prevent such exploitation, blocking actions that weren’t accompanied by a “User Gesture” is one of the weakest (but easiest to implement) …GBHACKERS.COM
4 AprGeneral Data Protection Regulation (GDPR): What you need to know to stay compliantCompanies that collect data on citizens in European Union (EU) countries need to comply with strict rules around protecting customer data. The General Data Protection Regulation (GDPR) sets a standard for consumer rights regarding their data, but companies will be challenged to m…CSOONLINE.COM
4 AprResearchers Observed Visual Studio Code Extensions Stealing Users’ Sensitive DataReversingLabs has uncovered a series of Visual Studio Code (VS Code) extensions designed to transfer sensitive information from unsuspecting users. This discovery highlights the growing trend of supply chain attacks increasingly targeting open-source repositories and platforms. T…GBHACKERS.COM
4 AprMagento Shoplift Malware Targets Both WordPress and Magento CMS on E-Commerce SitesWhile it pretends to be a Google Analytics script, this is merely a distraction from the true nature of the credit card skimming JavaScript code snippet embedded in the infected website.SUCURI.NET
4 AprCyberattack forces Omni Hotels to shut down its IT systemsOmni Hotels and Resorts has confirmed that a cyberattack was responsible for the US-based luxury hospitality chain’s IT systems’ shutdown since Friday. Through a message on its website, Omni told customers it has initiated an investigation into the attack and is taking necessary …CSOONLINE.COM
4 AprNew HTTP/2 Vulnerability Exposes Web Servers to DoS AttacksNew research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT…THEHACKERNEWS.COM
4 AprCritical Vulnerability in Progress Flowmon Allows Remote Access to SystemsA critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system. The post Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems appeared first on SecurityWeek .SECURITYWEEK.COM
4 Apr KEVPixel Phone Zero-Days Exploited by Forensic FirmsGoogle this week patched two Pixel phone zero-day vulnerabilities actively exploited by forensic companies to obtain data from devices. The post Pixel Phone Zero-Days Exploited by Forensic Firms appeared first on SecurityWeek .SECURITYWEEK.COM
4 AprTargeted Phishing Linked to 'The Com' Surges in the US, the UK, and CanadaA persistent social engineering threat faced by enterprises involves attackers trying to obtain login credentials for identity and access management (IAM), cloud resources, or single sign-on (SSO)-enabled systems.INTEL471.COM
4 AprCyberattack Causes Disruptions at Omni HotelsOmni Hotels & Resorts tells customers that recent disruptions have been caused by a cyberattack that forced it to shut down systems. The post Cyberattack Causes Disruptions at Omni Hotels appeared first on SecurityWeek .SECURITYWEEK.COM
4 AprCenter Identity Launches Patented Passwordless Authentication for BusinessesCenter Identity, a pioneering cybersecurity company, is excited to unveil its patented secret location authentication, reshaping how businesses manage workforce digital identity. This proprietary technology enables users to authenticate their identity using a secret location sele…GBHACKERS.COM
4 AprCISA Releases Two Industrial Control Systems AdvisoriesCISA released two Industrial Control Systems (ICS) advisories on April 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-095-01 Hitachi Energy Asset Suite 9 ICSA-24-095-02 Schweitzer Engineer…CISA.GOV
4 AprGoogle patches Pixel phone zero-days after exploitation by “forensic companies”Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
4 AprIvanti CEO Vows Cybersecurity Makeover After Zero-Day BlitzIvanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization. The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek .SECURITYWEEK.COM
4 AprTesting in Detection Engineering (Part 8)This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This blog involved one more anonymous contributor. In this blog (#8 in the series), we will take a fairly shallow look at testing in detect…MEDIUM.COM
4 AprBreach Roundup: Omni Hotels Acknowledges Cyber IncidentAlso: Insurer Predicts Ransomware for Cars, Offers to Cover Towing Costs This week, Omni, OWASP and MarineMax suffered cyber incidents, Ivanti disclosed flaws, Cisco gave tips to stop password-spraying attacks, a court upheld an FCC ban, India rescued citizens in Cambodia, Americ…DATABREACHTODAY.CO.UK
4 AprGoogle Fixes Two Pixel Zero-Days Exploited by Forensic FirmsBugs Allowed Device Unlocking and Memory Access Google addressed two zero-day vulnerabilities in Pixel mobile phones that forensic firms exploited to bypass PINs and access stored data on the device. The bugs allowed attackers to unlock and access Pixel's device memory with physi…DATABREACHTODAY.CO.UK
4 AprMicrosoft, Okta, CyberArk Lead Workforce Identity RankingsOneLogin Departs Forrester's Leaderboard as User Experience Takes Center Stage Microsoft, Okta and CyberArk remained atop Forrester's workforce identity rankings, while OneLogin tumbled from the leaders' spot. The shift toward digital platforms and growing adoption of cloud servi…DATABREACHTODAY.CO.UK
4 AprIvanti Pledges Security Overhaul the Day After 4 More Vulns Disclosedsubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.darkreading.com/remote-workforce/ivanti-ceo-commits-to-security-overhaul-day-after-vendor-discloses-4-more-vulnsDARKREADING.COM
4 AprCritical Security Flaw Exposes 1 Million WordPress Sites to SQL Injectionsubmitted by Lanky_Pomegranate530 to cybersecurity 2 points | 0 comments https://www.darkreading.com/remote-workforce/critical-security-flaw-wordpress-sql-injectionDARKREADING.COM
📋 SECURITY BULLETINS 1[−]
4 AprMicrosoft fixes Outlook security alerts bug caused by December updatesMicrosoft has fixed an issue that triggers erroneous Outlook security alerts when opening .ICS calendar files after installing the December 2023 Outlook Desktop security updates [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 3[−]
4 AprNew Rules for Shipbuilding Focus on IT/OT CybersecurityNew IACS Rules to Secure Onboard Digital Systems, Equipment Go Into Effect July 1 IT and OT security experts say threats to shipping underscore the need for more stringent regulations for passenger, cargo and high-speed vessels by the International Association of Classification S…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 19[−]
4 AprHackers Claiming Breach of Five Eyes Intelligence Group (FVEY) DocumentsA group of hackers has announced the release of sensitive documents purportedly belonging to the Five Eyes Intelligence Group (FVEY), a prominent intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. The United States Departme…GBHACKERS.COM
4 AprRhadamanthys Stealer Delivered in Transportation CampaignThe phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident.COFENSE.COM
4 AprWhat makes a ransomware attack eight times as costly? Compromised backupsNew research has found that ransomware remediation costs can explode when backups have been compromised by malicious hackers - with overall recovery costs eight times higher than for those whose backups are not impacted. Read more in my article on th Exponential-e blog.EXPONENTIAL-E.COM
4 AprJackson County shuts down over ransomware attacksubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://cybernews.com/news/jackson-county-shuts-down-ransomware/?CYBERNEWS.COM
4 AprUnveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark DisruptionContrary to what the group themselves have stated, activities observed post-disruption would indicate that Operation Chronos has a significant impact on the group’s activities.TRENDMICRO.COM
4 AprHosting Providers VMware ESXi Servers Hit by New SEXi RansomwareA new ransomware variant is targeting VMware ESXi servers, a popular virtualization platform used by hosting providers worldwide. Dubbed “SEXi” by its creators, this ransomware has already made significant waves, with Powerhost’s CEO revealing a staggering ranso…GBHACKERS.COM
4 AprMicrosoft Exchange State-Linked Hack Entirely Preventable, Cyber Review Board FindsThe China-affiliated threat actor Microsoft identified as Storm-0558 compromised the Microsoft Exchange Online mailboxes of 22 organizations and more than 500 individuals in the attacks, which began in May 2023.CYBERSECURITYDIVE.COM
4 AprSurveyLama Data Breach Impacts 4.4 Million UsersData breach impacting users’ personal information prompts survey rewards platform SurveyLama to reset passwords. The post SurveyLama Data Breach Impacts 4.4 Million Users appeared first on SecurityWeek .SECURITYWEEK.COM
4 AprUS Cancer Center Data Breach Impacting 800,000City of Hope is notifying 800,000 individuals of a data breach impacting their personal and health information. The post US Cancer Center Data Breach Impacting 800,000 appeared first on SecurityWeek .SECURITYWEEK.COM
4 AprNew SEXi Ransomware Gang Targets VMware ESXi ServersChilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups.BLEEPINGCOMPUTER.COM
4 AprHackers Hijacked Notepad++ Plugin to Execute Malicious CodeThe AhnLab Security Intelligence Center (ASEC) has detected a sophisticated cyberattack targeting users of the popular text and code editor, Notepad++. Hackers have successfully manipulated a default plugin within the Notepad++ package, potentially compromising the security of co…GBHACKERS.COM
4 AprAT&T To Face Lawsuit Following Breach Impacting 73 Million CustomersAT&T, a leading American telecommunications company, is facing a wave of lawsuits following a data breach that exposed the sensitive information of 73 million customers. The breach, confirmed by AT&T on March 30, 2024, included full name, email address, mailing address, p…GBHACKERS.COM
4 AprNew Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing MalwareAn updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transpo…THEHACKERNEWS.COM
4 AprUS cancer center data breach exposes info of 827,000 patientsCancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients. [...]BLEEPINGCOMPUTER.COM
4 AprHoya’s optics production and orders disrupted by cyberattackHoya Corporation, one of the largest global manufacturers of optical products, says a "system failure" caused servers at some of its production plants and business divisions to go offline on Saturday. [...]BLEEPINGCOMPUTER.COM
4 AprHealth Data Thefts Keep Coming; Millions Affected in 2024Latest Exfiltration and Hacking Incidents Highlight Health Sector Cyber Challenges What do a California cancer research center; an Indiana ear, nose and throat practice; an Oklahoma ambulance company; and a New York billing firm all have in common? They're among the latest firms …DATABREACHTODAY.CO.UK
4 AprNew Latrodectus malware replaces IcedID in network breachesA relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. [...]BLEEPINGCOMPUTER.COM
4 AprHave you heard about AI? Lots of AI news. Also, RSA conference, and RooBadges! - ESW #356As we near RSA conference season, tons of security startups are coming out of stealth! The RSA Innovation Sandbox has also announced the top 10 finalists, also highlighting early stage startups that will be at the show. In this week's news segment, - We discuss the highlights of …YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 21[−]
4 AprISC Stormcast For Thursday, April 4th, 2024 https://isc.sans.edu/podcastdetail/8924, (Thu, Apr 4th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
4 AprMicrosoft’s Security Chickens Have Come Home to RoostNews analysis: SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China's audacious Microsoft’s Exchange Online hack and isn't at all surprised by the findings. The post Microsoft’s Security Chickens Have Come Home to Roost appeared first on SecurityWeek .SECURITYWEEK.COM
4 AprZoom Paid Out $10 Million via Bug Bounty Program Since 2019Video conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019. The post Zoom Paid Out $10 Million via Bug Bounty Program Since 2019 appeared first on SecurityWeek .SECURITYWEEK.COM
4 AprSurveillance by the New Microsoft Outlook AppThe ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of p…SCHNEIER.COM
4 AprNew HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid ResetNew HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks. The post New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset appeared first on SecurityWeek .SECURITYWEEK.COM
4 AprCloud Threat Detection Firm Permiso Raises $18 millionCloud security firm provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities. The post Cloud Threat Detection Firm Permiso Raises $18 million appeared first on SecurityWeek .SECURITYWEEK.COM
4 AprCloud security uncertainty: Do you know where your data is?How well are security leaders sleeping at night? According to a recent Gigamon report, it appears that many cyber professionals are restless and worried. In the report, 50% of IT and security leaders surveyed lack confidence in knowing where their most sensitive data is stored an…SECURITYINTELLIGENCE.COM
4 AprIT Leaders Can’t Stop AI and Deepfake Scams as They Top the List of Most Frequent AttacksNew data shows that the attacks IT feels most inadequate to stop are the ones they’re experiencing the most.KNOWBE4.COM
4 AprBuilding secure applications: Key insights on authentication and authorization from Cerbos and Microsoft Entra | Cerbossubmitted by rohitghumare to cybersecurity 1 points | 0 comments https://www.cerbos.dev/blog/building-secure-applications-key-insights-on-authentication-and-authorization-from-cerbos-and-microsoft-entraCERBOS.DEV
4 AprKobold letters – Why HTML emails are a risk to your organizationsubmitted by testeronious to security 1 points | 0 comments https://lutrasecurity.com/en/articles/kobold-letters/LUTRASECURITY.COM
4 AprA Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Masksubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.wired.com/story/p4x-north-korea-internet-hacker-identity-reveal/WIRED.COM
4 AprCryptohack Roundup: Thieves Steal Money, Seek PraiseAlso: A OneCoin Sentencing, Tornado Cash Update, FTX Repayment Plans This week, hackers stole from Prisma Finance and demanded praise, a OneCoin head was sentenced to prison, a Tornado Cash co-founder asked for dismissal of charges, FTX said it will repay customers, Singapore has…DATABREACHTODAY.CO.UK
4 AprVietnam-Based Hackers Steal Financial Data Across Asia with MalwareA suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it…THEHACKERNEWS.COM
4 Apr'Many-Shot Jailbreaking' Defeats Gen AI Security Guardrails'Fictitious Dialogue' About Harmful Content Subverts Defenses, Researchers Find After testing safety features built into generative artificial intelligence tools developed by the likes of Anthropic, OpenAI and Google DeepMind, researchers have discovered that a technique called "…DATABREACHTODAY.CO.UK
4 AprCatfishing Campaign Targets Members of the UK GovernmentAt least twelve men working in the UK parliament have recently been targeted by WhatsApp spear phishing messages, POLITICO reports. The targeted individuals include “a senior Labour MP, four party staffers, and a political journalist.”KNOWBE4.COM
4 AprApple Users Become the Latest Targets of MFA AttacksA new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more.KNOWBE4.COM
4 AprIt's A Minifilter! - PSW #823pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes…YOUTUBE.COM
4 AprDOE Looks to Universities to Fix Energy Sector CybersecurityEnergy Department Invests in Next Generation of Cyber Talent to Find New Solutions The Energy Department is hoping to catalyze next-generation solutions to cybersecurity vulnerabilities in the energy sector by funding the creation of university-based cyber energy centers nationwi…DATABREACHTODAY.CO.UK
4 AprThe Power of AI Assistants and Advanced Threat DetectionExplore predictions on AI in cybersecurity and cultivating a cyber-aware culture. Discover the emergence of AI-powered cybersecurity assistants. The post The Power of AI Assistants and Advanced Threat Detection appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
4 AprPhishing Attacks Targeting Political Parties, Germany WarnsEscalation of Cyberespionage Likely Tied to Upcoming European Elections German federal agencies warned that phishing attacks targeting political parties surged ahead of upcoming European Union elections. The government did not attribute the attacks to a specific country but confi…DATABREACHTODAY.CO.UK
4 AprExplore Microsoft’s AI innovations at RSA Conference 2024Will you be at the RSA Conference? Join us for Microsoft Pre-Day, sessions, and other events for insights on leading in AI. Keep reading for what to expect at the event. The post Explore Microsoft’s AI innovations at RSA Conference 2024 appeared first on Microsoft Security Blog .MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
4 AprDistinctive Campaign Evolution of Pikabot MalwarePikaBot, along with other malicious loaders like QBot and DarkGate, heavily depends on spam campaigns for distribution. Its initial access strategies are intricately crafted, utilizing geographically targeted spam emails for specific countries.MCAFEE.COM
4 AprThe Biggest Takeaways from Recent Malware AttacksRecent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us. [...]BLEEPINGCOMPUTER.COM
4 AprVisa warns of new JSOutProx malware variant targeting financial orgsVisa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers. [...]BLEEPINGCOMPUTER.COM
🎙️ PODCASTS 1[−]
4 AprTransatlantic Cable podcast episode 341 | Kaspersky official blogEpisode 341 of the Kaspersky podcast has nueral implants, Google review chase, data broker exposure and more.KASPERSKY.COM
📡 INFOSEC NEWS 13[−]
4 Apr‘The Manipulaters’ Improve Phishing, Still Fail at OpsecThe core brand of The Manipulaters has long been a shared cybercriminal identity named “Saim Raza,” who for the past decade has peddled a popular spamming and phishing service variously called “Fudtools,” “Fudpage,” “Fudsender,” “FudCo,” etc.KREBSONSECURITY.COM
4 AprConsiderations for Operational Technology CybersecurityOperational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique ch…THEHACKERNEWS.COM
4 AprReport: 73% Brace for Cybersecurity Impact on Business in the Next Year or TwoOnly 3% of organizations across the globe have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco. The readiness is down from one year ago, when 15% of companies were ranked mature.HELPNETSECURITY.COM
4 AprScrut Automation Secures $10 Million in Growth CapitalScrut Automation, a GRC platform provider, has announced today that it secured $10 million in growth capital from its existing investors, including Lightspeed, MassMutual Ventures, and Endiya Partners.CIOL.COM
4 AprFake Lawsuit Threat Exposes Privnote Phishing SitesA cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites …KREBSONSECURITY.COM
4 AprNew HTTP/2 DoS attack can crash web servers with a single connectionNewly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations. [...]BLEEPINGCOMPUTER.COM
4 AprSlicing up DoNex with Binary Ninja, (Thu, Apr 4th)[This is a guest diary by John Moutos] ISC.SANS.EDU