🚨 CISA KEV 2[−]
11 Apr KEVOWASP Top 10 OSS Risks: A guide to better open source securityCalls for a critical look at how open-source software (OSS) is secured and used have been increasing after a number of recent scares exposed vulnerabilities and risks, in particular the XZ Utils incident that revealed a backdoor inserted into a widely used OSS for compression and…CSOONLINE.COM
11 Apr KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-3272 D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability CVE-2024-3273 D-Link Multiple NAS Devices Command Injectio…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 12[−]
11 AprFortinet Rolls Out Critical Security Patches for FortiClientLinux VulnerabilityFortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Gener…THEHACKERNEWS.COM
11 AprFortinet Fixed a Critical RCE Bug in FortiClientLinuxFortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of 9.4), in FortiClientLinux.SECURITYAFFAIRS.COM
11 AprRust Addresses Critical Vulnerability on WindowsThe vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.THEREGISTER.COM
11 AprRust addresses critical vulnerability on Windowssubmitted by kid to cybersecurity 2 points | 2 comments https://www.theregister.com/2024/04/10/rust_critical_vulnerability_windows/ The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was fou…THEREGISTER.COM
11 AprCVE-2022-0001 Intel: CVE-2022-0001 Branch History InjectionUpdated CWE value. This is an informational change only.MSRC.MICROSOFT.COM
11 AprCVE-2024-21322 Microsoft Defender for IoT Remote Code Execution VulnerabilityAdded FAQ information. This is an informational change only.MSRC.MICROSOFT.COM
11 AprCVE-2024-21323 Microsoft Defender for IoT Remote Code Execution VulnerabilityAdded an FAQ. This is an information change only.MSRC.MICROSOFT.COM
11 AprCVE-2024-21324 Microsoft Defender for IoT Elevation of Privilege VulnerabilityAdded an FAQ. This is an information change only.MSRC.MICROSOFT.COM
11 AprCVE-2024-26234 Proxy Driver Spoofing VulnerabilityAdded acknowledgements. This is an informational change only.MSRC.MICROSOFT.COM
11 AprCVE-2024-29053 Microsoft Defender for IoT Remote Code Execution VulnerabilityAdded an FAQ. This is an information change only.MSRC.MICROSOFT.COM
11 AprCVE-2024-29055 Microsoft Defender for IoT Elevation of Privilege VulnerabilityAdded an FAQ. This is an information change only.MSRC.MICROSOFT.COM
11 AprCVE-2024-29054 Microsoft Defender for IoT Elevation of Privilege VulnerabilityAdded an FAQ. This is an information change only.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
11 AprApple alerts users in 92 nations to mercenary attacks in new warningApple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that may have been targeted by mercenary spyware attacks. The company sent the alerts to individuals in 92 nations at 12pm Pacific Time on Wednesday. The iPhone-maker sends these notificati…TECHCRUNCH.COM
11 AprApple Expands Spyware Alert System to Warn Users of Mercenary AttacksApple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for develo…THEHACKERNEWS.COM
11 AprMicrosoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEsOnly three critical vulnerabilities were fixed as part of the April 2024 Patch Tuesday updates, but there are over 67 remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.BLEEPINGCOMPUTER.COM
11 AprFortra For Windows Vulnerability Let Attackers Escalate PrivilegeFortra’s Robot Schedule Enterprise Agent permits a low-privileged user to elevate privileges to the local system level. The problem arises from the agent’s failure to adequately secure its service executable, which an attacker can exploit by swapping out the exe…GBHACKERS.COM
11 AprHackers Manipulate GitHub Search To Deliver Clipboard-Hijacking MalwareIn a sophisticated cyberattack campaign uncovered on April 10, 2024, cybercriminals are exploiting GitHub’s search functionality to distribute a particularly insidious form of malware, known as “Keyzetsu clipper,” targeting cryptocurrency wallets. This new wave …GBHACKERS.COM
11 AprClient-Side Exploitation: Poisoning WebDAV+URL+LNK to Deliver Malicious PayloadsWebDAV incidents simulate an offensive attack employing a WebDAV server to distribute malware to a client PC. Attackers store malicious payloads and attract users into downloading and executing them. It then analyzes a real-world scenario involving AsyncRat/Purelogs malware to un…GBHACKERS.COM
11 AprBackdoor in XZ Utils That Almost HappenedLast week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and …SCHNEIER.COM
11 AprNew Technique Detected in an Open Source Supply Chain AttackAttackers create malicious GitHub repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users.CHECKMARX.COM
11 AprCagey Phishing Attack Drops Multiple RATs to Steal Datasubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/remote-workforce/cagey-phishing-attack-delivers-multiple-rats-to-steal-windows-dataDARKREADING.COM
11 AprUS Cyber Force Assisted Foreign Governments 22 Times in 2023USCYBERCOM’s Cyber National Mission Force participated in 22 foreign hunt forward operations in 2023. The post US Cyber Force Assisted Foreign Governments 22 Times in 2023 appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprNew Spectre v2 Attack Impacts Linux Systems Running on Intel CPUsResearchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.BLEEPINGCOMPUTER.COM
11 AprApple: Mercenary spyware attacks target iPhone users in 92 countriesApple has been notifying iPhone users in 92 countries about a "mercenary spyware attack" attempting to remotely compromise their device. [...]BLEEPINGCOMPUTER.COM
11 AprCryptohack Roundup: Google Sues Alleged Crypto App CrooksAlso: Terraform Labs Liable in US Court for Civil Fraud This week, Google sued alleged crypto fraudsters, Mango Markets exploiter's trial began, Do Kwon and Terraform Labs are liable for civil fraud, Taiwanese prosecutors indicted ACE Exchange's co-founder, Wormhole nearly gave $…DATABREACHTODAY.CO.UK
11 AprData Access Platform PVML Launches With $8 Million in FundingTel Aviv startup banks seed funding for technology to help organizations connect, secure, and provide access to multiple data sources. The post Data Access Platform PVML Launches With $8 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprCISA Releases Nine Industrial Control Systems AdvisoriesCISA released nine Industrial Control Systems (ICS) advisories on April 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-102-01 Siemens SIMATIC S7-1500 ICSA-24-102-02 Siemens SIMATIC WinCC …CISA.GOV
11 AprDragonForce ransomware – what you need to knowLearn more about the DragonForce ransomware - how it came to prominence, and some of the unusual tactics used by the hackers who extort money from companies with it. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
11 AprIntel and Lenovo servers impacted by 6-year-old BMC flawAn almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo. [...]BLEEPINGCOMPUTER.COM
11 AprOur Security of AI Papers and Blogs ExplainedModerately relevant AI made image about AI papers :-) steampunk ofc! Recently our team has written several papers and blogs focused on securing AI. What you will not see in these papers is anything to do with robot rebellion or some such long-term potential threats. We also don’t…MEDIUM.COM
11 AprCustomers of Sisense data analytics service urged to change credentialsThe US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to change any credentials they might have shared or stored with Sisense, a data analytics software and services provider, due to a compromise that’s still being investigated. Sisense’s platform…CSOONLINE.COM
11 AprUnderstanding KillNet and Recent Waves of DDoS Attacks - Michael Smith - ESW #357In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired -https://www.wired.com/story/mirai-untold-story-…YOUTUBE.COM
11 AprTechnical Controlssubmitted by redfox to cybersecurity 1 points | 0 comments What sources of technical controls does your organization use? Do you base device/operating system configurations on: CIS workbench? NIST/STIG? Microsoft best practice? Google searches and ‘that looks good’? How closely r…INFOSEC.PUB
11 AprThe AI-est news segment ever, now with even more AI! - ESW #357This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what i…YOUTUBE.COM
📋 SECURITY BULLETINS 1[−]
11 AprBreach Roundup: Sisense Supply Chain AttackAlso: A Romanian Botnet and Alcohol Counselor Monument Settles with US FTC Over Ads This week, Sisense supply chain attack, a likely Romanian botnet, Patch Tuesday, an Apple spyware warning and AT&T notifies customers of breach. Alcohol counselor Monument shared data with Met…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 18[−]
11 AprCISA Opens Its Internal Malware Analysis Tool for Public UseThe Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its latest initiative: opening its advanced malware analysis system, Malware Next-Gen, to the public. Malware Next-Gen represents a paradigm shift in analyzing and countering cyber threats and malware. With …GBHACKERS.COM
11 AprWater Facilities Compromised By Iranian Threat ActorsIn December 2023, a joint alert was issued by the FBI, CISA, NSA, EPA, and INCD regarding Iranian cyber actors known as "CyberAv3ngers" linked to Iran's Islamic Revolutionary Guard Corps (IRGC).KNOWBE4.COM
11 AprCompromise of Sisense Customer DataCISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services. CISA urges Sisense customers to: Reset credentials and secrets potentially exp…CISA.GOV
11 AprCISA investigates critical infrastructure breach after Sisense hackThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations. [...]BLEEPINGCOMPUTER.COM
11 AprCISA says Sisense hack impacts critical infrastructure orgsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations. [...]BLEEPINGCOMPUTER.COM
11 AprAttack on data analytics company Sisense prompts alert from CISAsubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/sisense-cyberattack-cisa-warning The top U.S. cybersecurity agency published a warning on Thursday morning about an attack on Sisense — which provides AI data analytics services to organizations like …THERECORD.MEDIA
11 AprSisense Data Breach Triggers CISA Alert and Urgent Calls for Credential ResetsThe US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools. The post Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprCISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email SystemToday, CISA publicly issued Emergency Directive (ED) 24-02 to address the recent campaign by Russian state-sponsored cyber actor Midnight Blizzard to exfiltrate email correspondence of Federal Civilian Executive Branch (FCEB) agencies through a successful compromise of Microsoft …CISA.GOV
11 AprCISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber ThreatCISA.GOV
11 AprCISA orders agencies impacted by Microsoft hack to mitigate risksCISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. [...]BLEEPINGCOMPUTER.COM
11 AprCISA Warns Russian Microsoft Hackers Targeted Federal EmailsUS Cyber Defense Agency Instructs Agencies to Fortify Systems Amid Microsoft Breach The U.S. Cybersecurity and Infrastructure Security Agency publicly released an emergency directive Thursday requiring impacted federal agencies to take immediate remediation measures amid continue…DATABREACHTODAY.CO.UK
11 AprUS says Russian hackers stole federal government emails during Microsoft cyberattackCISA said the latest theft of government email — blamed on Russian government hackers — presents "a grave and unacceptable risk" to U.S. federal agencies. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
11 AprWhy CISA is Warning CISOs About a Breach at SisenseThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA…KREBSONSECURITY.COM
11 AprImplementing Least-Privilege Administrative Modelssubmitted by redfox to cybersecurity 1 points | 0 comments https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models Does anyone fully implement workstation and server logon restrictions, and pr…LEARN.MICROSOFT.COM
11 AprCISA makes its "Malware Next-Gen" analysis system publicly availableThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 16[−]
11 AprCyber Espionage: Turla APT Hackers Attack European Organization With BackdoorCybersecurity experts have uncovered a failed attempt by the notorious Russia-based Turla Advanced Persistent Threat (APT) group to infiltrate an Albanian organization. This incident is part of a broader cyber espionage campaign targeting European countries, with Poland also fall…GBHACKERS.COM
11 AprWiz Buys Startup Gem Security for $350M to Spot Cloud IssuesWiz purchased a cloud detection and response startup founded by a longtime Israeli Military Intelligence leader to address security operations and incident response use cases.BANKINFOSECURITY.COM
11 AprIMF: Financial Firms Lost $12 Billion to Cyberattacks in Two DecadesThe financial sector has suffered over 20,000 cyberattacks in two decades, causing more than $12 billion in losses. The post IMF: Financial Firms Lost $12 Billion to Cyberattacks in Two Decades appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprNSA Updates Zero-Trust Advice to Reduce Attack Surfacessubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cybersecurity-operations/nsa-updates-zero-trust-advice-to-reduce-attack-surfaces NSA recommendations include the use of encryption, tagging, labeling, data-loss prevention strategies, and data rig…DARKREADING.COM
11 AprRansomware payouts hit all-time high, but that’s not the whole storyRansomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.…SECURITYINTELLIGENCE.COM
11 AprUK's Attitude to Security Spotlit by Government FiguresThe report from the Department for Science, Innovation and Technology (DSIT), painted security as more of an afterthought for UK businesses, especially when considering the figures about how breaches are handled.THEREGISTER.COM
11 AprTA547 Hackers Launching AI-Powered Cyber Attacks Targeting OrganizationsTA547 has been targeting German organizations with an email campaign delivering the Rhadamanthys malware. Proofpoint has observed TA547 using Rhadamanthys, an information stealer that is utilized by multiple cybercriminal threat actors. The emails, which impersonated the German r…GBHACKERS.COM
11 AprTaxi Software Vendor Data Leak: 300K Passengers Data ExposedAround 300,000 taxi passengers’ personal information was left exposed on the internet, causing concern in the UK and Ireland. Cybersecurity researcher Jeremiah Fowler discovered the breach involving Dublin-based taxi dispatch system provider iCabbi and subsequently reported…GBHACKERS.COM
11 AprEast Central University suffers BlackSuit ransomware attackThe East Central University (ECU) of Ada, Oklahoma, has revealed that a ransomware gang launched an attack against its systems that left some computers and servers encrypted and may have also seen sensitive information stolen. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
11 AprWhen a breach goes from 25 documents to 1.3 terabytes…If 25 documents stolen is "very serious," I'm not sure the words exist to describe the 1.3 terabytes of data that Leicester City Council now says it has had stolen by hackers.GRAHAMCLULEY.COM
11 AprHow Red Team Exercises Increases Your Cyber HealthDelve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving …TRENDMICRO.COM
11 AprOptics giant Hoya hit with $10 million ransomware demandA recent cyberattack on Hoya Corporation was conducted by the 'Hunters International' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. [...]BLEEPINGCOMPUTER.COM
11 AprChange Healthcare Attack 'Devastating' to Doc PracticesAMA Survey Finds 80% of Practices Lost Revenue From Unpaid Claims The IT services disruptions resulting from the Change Healthcare cyberattack is continuing to have a "devastating" effect on physician practices, threatening the financial viability of many and posing serious impli…DATABREACHTODAY.CO.UK
11 AprFBI Calls for Increased Funding to Counter Cyber ThreatsFBI Director Chris Wray Warns U.S. Falling Behind to Adversaries in Cyberspace FBI Director Christopher Wray told a congressional panel Thursday the United States faces a wide range of "escalated" digital threats, including sophisticated cyberattacks and emerging risks to network…DATABREACHTODAY.CO.UK
11 AprRaspberry Robin Morphs, Now Spreads via Windows Script FilesMalware Platform Operators Taket Steps to Obfuscate Code Threat actors behind malware distribution platform Raspberry Robin worm have shifted tactics to make the malware harder to detect and for researchers to analyze. Hackers deploying Raspberry Robin - often a precursor to a ra…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 28[−]
11 AprISC Stormcast For Thursday, April 11th, 2024 https://isc.sans.edu/podcastdetail/8934, (Thu, Apr 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 AprHistory of RSA Conference. Bruce Schneier. The First ‘Exhibitor’ in 1994.Listen to the Audio on SoundCloud.com Bruce Schneier was at the first ever RSA Conference in 1991, and he was the first ‘exhibitor’ in 1994 when he asked Jim Bidzos, Creator of the RSA Conference, if he could sell copies of his book “Applied Cryptography.”…SCHNEIER.COM
11 AprEvolution of Artificial Intelligence Systems and Ensuring Trustworthiness, (Thu, Apr 11th)We live in a dynamic age, especially with the increasing awareness and popularity of Artificial Intelligence (AI) systems being explored by users and organizations alike. I was recently quizzed by a junior researcher on how AI systems came about and realized I could not answer th…ISC.SANS.EDU
11 AprCyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and DeuterbearOur blog entry provides an in-depth analysis of Earth Hundun's Waterbear and Deuterbear malware.TRENDMICRO.COM
11 AprPalo Alto Networks Patches Vulnerabilities Allowing Firewall DisruptionPalo Alto Networks patches several high-severity vulnerabilities, including ones that allow DoS attacks against its firewalls. The post Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprGoogle Cloud Unveils New AI-Powered Security CapabilitiesGoogle adds AI to cloud security features and announces other security capabilities for cloud customers. The post Google Cloud Unveils New AI-Powered Security Capabilities appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprAlethea Raises $20 Million for Disinformation Detection and Mitigation SolutionAlethea has raised $20 million in Series B funding for its technology designed to detect and mitigate disinformation. The post Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprTA547 Phishing Attack Hits German Firms with Rhadamanthys StealerA threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stea…THEHACKERNEWS.COM
11 AprConservative Revolt in the House Blocks Effort to Reauthorize a Key US Spy ToolA bill that would reauthorize Section 702 of the Foreign Intelligence Surveillance Act was blocked by a conservative revolt. The post Conservative Revolt in the House Blocks Effort to Reauthorize a Key US Spy Tool appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprGoogle Pays Out $41,000 for Three Serious Chrome VulnerabilitiesGoogle releases a Chrome 123 update to resolve three high-severity memory safety vulnerabilities. The post Google Pays Out $41,000 for Three Serious Chrome Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprTop Tax Scams of 2024 Your Organization Should Watch Out ForAs the April 15, 2024 filing deadline approaches, tax scammers are working overtime to take advantage of rushed or stressed taxpayers.KNOWBE4.COM
11 AprMalvertising Campaigns Surged in 2023Researchers at BlueVoyant observed a 50% increase in large-scale malvertising campaigns in 2023 compared to 2022.KNOWBE4.COM
11 AprRhadamanthys Malware Deployed By TA547 Against German Targetssubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/rhadamanthys-deployed-ta547-german/INFOSECURITY-MAGAZINE.COM
11 AprWhy Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense ProgramWith automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. The post Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program…SECURITYWEEK.COM
11 AprNews alert: Simbian launches with $10M to build autonomous, GenAI-powered security platformMountain View, Calif. – April 11, 2024 – Simbian today emerged from stealth mode with oversubscribed $10M seed funding to deliver on fully autonomous security. As a first step towards that goal, the company is introducing the industry’s first GenAI-powered … (more…)LASTWATCHDOG.COM
11 AprSimbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security PlatformSimbian aims to build a fully autonomous security platform that lets humans make the strategic decisions while AI implements those decisions. The post Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprInside AWS’s Crusade Against IP Spoofing and DDoS AttacksSecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks. The post Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprKnostic Emerges From Stealth With Enterprise Gen-AI Access ControlsStartup Knostic emerges from stealth mode with $3.3 million in funding and a gen-AI access control product for enterprises. The post Knostic Emerges From Stealth With Enterprise Gen-AI Access Controls appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprGoogle Cloud and Palo Alto Networks Deliver Cloud-Native NGFW ServiceGoogle Cloud and Palo Alto Networks announce Google Cloud Next-Generation Firewall Enterprise. It has extensive threat prevention capabilities. The post Google Cloud and Palo Alto Networks Deliver Cloud-Native NGFW Service appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
11 AprZscaler to Acquire Network Segmentation Tech Startup Airgap NetworksZscaler announces plans to acquire Airgap Networks, a venture-backed startup selling network segmentation and secure access technologies. The post Zscaler to Acquire Network Segmentation Tech Startup Airgap Networks appeared first on SecurityWeek .SECURITYWEEK.COM
11 AprNews alert: NTT all photonics network connects data centers in U.S., U.K. at very low latencySan Francisco and Tokyo, Apr. 11, 2024 – At Upgrade 2024 , NTT Corporation (NTT) and NTT DATA announced the successful demonstration of All-Photonics Network (APN) -driven hyper low-latency connections between data centers in the United States and United Kingdom.… (more…)LASTWATCHDOG.COM
11 AprDigging Into Supply Chain Security - James McMurry - PSW #824Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats. Visit https://www.securityweekly.com/psw for all the latest …YOUTUBE.COM
11 AprYesterday, in DC, I was given the Holland on the Hill Freddy Heineken AwardThe Holland on the Hill Freddy Heineken Award honors an entrepreneur who has made a substantial and positive contribution to the US-Dutch economic relationship, exemplifying the best of both worlds.KNOWBE4.COM
11 AprUS Government on High Alert as Russian Hackers Steal Critical Correspondence From MicrosoftThe US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies." The post US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft appeared first on Securit…SECURITYWEEK.COM
11 AprWhy Is Your TV & NAS On The Internet? - PSW #824Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it away for free, your TV is on the Internet, Rust library issue, D-Link strikes again, EV charging station vulnerabilities, and rend…YOUTUBE.COM
11 AprHow Microsoft discovers and mitigates evolving attacks against AI guardrailsRead about some of the key issues surrounding AI harms and vulnerabilities, and the steps Microsoft is taking to address the risk. The post How Microsoft discovers and mitigates evolving attacks against AI guardrails appeared first on Microsoft Security Blog .MICROSOFT.COM
11 AprZscaler Buys Airgap Networks to Fuel Segmentation in IoT, OTDeal Will Thwart Lateral Movement of Malicious Traffic Inside of Corporate Networks Zscaler purchased an agentless segmentation startup founded by longtime Juniper Networks executives to dynamically control access to critical infrastructure based on identity and context. Acquirin…DATABREACHTODAY.CO.UK
11 AprLastPass: Hackers targeted employee in failed deepfake CEO callLastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. [...]BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
11 AprUS government urges Sisense customers to reset credentials after hackThe U.S. government's cybersecurity agency said it was responding to a "recent compromise" of the data analytics giant, which provides business intelligence to critical infrastructure. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
11 AprRhadamanthys Malware Deployed By TA547 Against German TargetsWhat’s particularly intriguing according to the researchers is the actor’s apparent employment of a PowerShell script likely generated by large language models (LLMs) such as ChatGPT, Gemini or CoPilot.INFOSECURITY-MAGAZINE.COM
11 AprLive Webinar | What’s Missing in Your Identity First Security Strategy: Lessons from an ISMG SurveyDATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 19[−]
11 AprAnalyzing CryptoJS Encrypted Phishing AttemptARC Labs recently analyzed a phishing email used in a credential harvesting campaign that leveraged a lure notifying the target they received a voice message and needed to visit a link to access it.BINARYDEFENSE.COM
11 AprRaspberry Robin Now Spreading Through Windows Script FilesFirst identified in late 2021, Raspberry Robin is a Windows worm initially seen targeting technology and manufacturing organizations. It has since grown to become one of the most prevalent threats facing enterprises.THREATRESEARCH.EXT.HP.COM
11 AprAI Data Security Startup Cyera Confirms $300M Raise at a $1.4B ValuationThe lead investor for the Series C funding is Coatue, which is new to the startup’s cap table. Other new investors include Spark Capital, Georgian, and strategic backer AT&T Ventures.TECHCRUNCH.COM
11 AprNew Google Workspace Feature Prevents Sensitive Security Changes if Two Admins Don’t Approve ThemIf the feature is enabled, certain sensitive admin actions can be taken only if approved by an admin who did not initiate them and thus, in theory, preventing accidental or unauthorized changes made by either malicious insiders or outsidersHELPNETSECURITY.COM
11 AprPython's PyPI Reveals Its SecretsGitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 mill…THEHACKERNEWS.COM
11 AprSimbian brings AI to existing security toolsSimbian is a cybersecurity platform that effectively controls other cybersecurity platforms as well as security apps and tooling. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
11 AprDuckDuckGo launches a premium Privacy Pro VPN serviceDuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution. [...]BLEEPINGCOMPUTER.COM
11 AprCISO Role Shows Significant Gains Amid Corporate Recognition of Cyber RiskCISOs and other management-level cybersecurity executives are gaining more influence and importance as companies have begun to recognize the need for strong cyber governance and oversight, according to a report from Moody’s Ratings.CYBERSECURITYDIVE.COM
11 AprMeta will auto-blur nudity in Instagram DMs in latest teen safety stepMeta has announced it’s testing new features on Instagram intended to help safeguard young people from unwanted nudity or sextortion scams. This includes a feature called Nudity Protection in DMs, which automatically blurs images detected as containing nudity. The tech gian…TECHCRUNCH.COM
11 AprGlobal Taxi Software Vendor Exposes Details Of Nearly 300K Across UK And IrelandPACKETSTORMSECURITY.COM
11 AprApple Drops Term State-Sponsored Attacks From Its Threat Notification PolicyPACKETSTORMSECURITY.COM
11 AprHow to automate up to 90% of IT offboarding tasksEmployee offboarding isn't anybody's favorite task—but it's a critical IT process that needs to be executed diligently and efficiently. Learn more from Nudge Security on automating offboarding of users in a secure manner. [...]BLEEPINGCOMPUTER.COM
11 AprPython's PyPI Reveals Its SecretsGitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 mill…THEHACKERNEWS.COM
11 AprX Fixes URL Blunder That Could Enable Social Media PhishingUsers started noticing on Monday that X's programmers implemented a rule on its iOS app that auto-changed Twitter.com links that appeared in Xeets (tweets) to X.com links.THEREGISTER.COM
11 AprOpenTable is adding your first name to previously anonymous reviewsRestaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names. [...]BLEEPINGCOMPUTER.COM
11 AprFileless Attacks Prompt Intel’s Next-Gen SecurityDiscover how Trend is strengthening its endpoint solutions to detect fileless attacks earlier. By leveraging Intel Threat Detection Technology, Trend enhances the scalability and resiliency of its solutions.TRENDMICRO.COM
11 AprBeyond fun and games: Exploring privacy risks in children’s appsShould children’s apps come with ‘warning labels’? Here's how to make sure your children's digital playgrounds are safe places to play and learn.WELIVESECURITY.COM