🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
9 MayUndetectable Threats Found in F5 BIG-IP Next Central ManagerThe two vulnerabilities, an SQL injection flaw (CVE-2024-26026) and an OData injection vulnerability (CVE-2024-21793), could allow attackers to gain admin control and create hidden rogue accounts on managed assets.HEALTHCAREINFOSECURITY.COM
9 MayAndroid Update Patches Critical VulnerabilityGoogle recently released a series of security updates for Android to address 26 vulnerabilities, including a critical flaw in the System component (CVE-2024-23706) that could allow attackers to escalate privileges on vulnerable devices.SOURCE.ANDROID.COM
9 MayMirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload DeliveryTwo recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 h…THEHACKERNEWS.COM
9 MayCISA Announces CVE Enrichment Project ‘Vulnrichment’CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes. The post CISA Announces CVE Enrichment Project ‘Vulnrichment’ appeared first on SecurityWeek .SECURITYWEEK.COM
9 MayMirai Botnet Exploits Ivanti Connect Secure Flaws for Payload DeliveryIn the attack chain observed by Juniper Threat Labs, CVE-2023-46805 is exploited to gain access to the "/api/v1/license/key-status/;" endpoint, which is vulnerable to command injection, and inject the payload.BLOGS.JUNIPER.NET
9 MayNew TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP ManipulationResearchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier&…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 32[−]
9 MayEvolving nature of ransomware attacks - Kris Lahiri - RSA24 #3In recent years, ransomware attacks have undergone a transformative evolution, shifting from indiscriminate, mass-distributed assaults to highly targeted, sophisticated campaigns. Kris Lahiri is able to discuss the dynamic landscape of ransomware and dive into the techniques he h…YOUTUBE.COM
9 MaySquareX is disrupting the browser security market - Vivek Ramachandran - RSA24 #3Attackers are targeting enterprise users when they are online via attacks like spear phishing, malicious docs infected with malware/ransomware. Today SASE/SSE’s Secure Web Gateway (SWG) component is touted as the solution to this problem. These SWGs look at traffic between the en…YOUTUBE.COM
9 MayCreating Phishing-Resistant Users Helps Enterprises Achieve True Passwordless Auth - C... - RSA24 #3In the dynamic landscape of cybersecurity, the urgency to eliminate passwords as a security vulnerability has never been more critical. Organizations are continuing to face a surge in the variety and complexity of cyber threats at historical rates, often fueled by compromised emp…YOUTUBE.COM
9 MayEmpowering Today’s Security Teams With AI-Powered Analytics and Actioned Insights - An... - RSA24 #3Anomali’s breakthrough AI-Powered Security Operations Platform is a cloud-native solution that delivers the industry’s most comprehensive set of integrated and automated security functions. Ahmed Rubaie, Anomali’s CEO, discusses how Anomali Copilot automates mundane tasks and ena…YOUTUBE.COM
9 MayAI in SecOps: Separating Fact from Fiction - Jason Keirstead - RSA24 #3In this candid discussion, Jason Keirstead, Cyware's VP of Collective Threat Defense, takes us beyond the AI buzz in cybersecurity, addressing the hype vs. hyperbole spreading across the industry. While AI has tremendous potential for cybersecurity, Jason emphasizes its pragmatic…YOUTUBE.COM
9 MayCritical F5 Central Manager Vulnerabilities Allow Enable Full Device TakeoverTwo security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administr…THEHACKERNEWS.COM
9 MayVeeam Fixes RCE Flaw in Backup Management PlatformThe vulnerability exists due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server during communication between the management agent and its components.HELPNETSECURITY.COM
9 MayRansomware Criminals SIM Swap Executives' Kids to Pressure ParentsRansomware infections have morphed into "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.THEREGISTER.COM
9 MayAlert! Hackers Running Thousands of Fake Webshops : 850,000+ Cards StolenA sprawling cybercrime network, “BogusBazaar,” has stolen credit card details from over 850,000 online shoppers, mainly in Western Europe and the United States, by operating tens of thousands of fraudulent e-commerce websites. Security researchers estimate that since …GBHACKERS.COM
9 MayPalo Alto launches AI-powered solutions to fight AI-generated cyberthreatsPalo Alto Networks has launched a new suite of security solutions designed to help enterprises combat AI-generated cyberthreats. The suite is powered by its proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies, the c…CSOONLINE.COM
9 MayPktstat: Open-Source Ethernet Interface Traffic MonitorPktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture.HELPNETSECURITY.COM
9 MayZscaler shuts down exposed system after rumors of a cyberattackIn response to the rumors of a threat actor hacking and selling access to its systems, Zscaler said it has taken a “test environment” offline for analysis which was found to be exposed. “Our investigation discovered an isolated test environment on a single server (without any cus…CSOONLINE.COM
9 MayProton VPN TunnelVision support response.submitted by runswithjedi to cybersecurity 1 points | 0 comments I contacted Proton VPN about the TunnelVision exploit and I got a response. I feel great about it, thank you Proton! Hi, Thank you for your patience. Our engineers have conducted a thorough analysis of this threat, …SH.ITJUST.WORKS
9 MaySix Austrians Arrested in Multi-Million Euro Crypto SchemeLaw enforcement agencies from Austria, Cyprus, and Czechia have collaborated to dismantle an online cryptocurrency scam, resulting in the arrest of six Austrians allegedly behind the scheme.INFOSECURITY-MAGAZINE.COM
9 MayFake E-commerce Network Scams $50M from American, European, Australian ShoppersAccording to a report by the German cybersecurity firm Security Research Labs GmbH (SRLabs), the BogusBazaar network has attempted to process an estimated $50 million in fake purchases since the operation launched three years ago.THEREGISTER.COM
9 MayReport: 97% of Organizations Hit by Ransomware Turn to Law EnforcementAccording to a new Sophos report, 59% of those organizations that did engage with law enforcement found the process easy or somewhat easy. Only 10% of those surveyed said the process was very difficult.HELPNETSECURITY.COM
9 MayLatest NICE Framework Update Offers Improvements for the Cybersecurity WorkforceI joined NIST as the first full-time manager of the NICE Framework in October 2020, just one short month before NICE published the first revision NIST Special Publication 800-181, the NICE Workforce Framework for Cybersecurity (NICE Framework). That revision – far from finalizing…NIST.GOV
9 MayThreat Actors Accessed Cancer patients’ Data left Open by Testing LabGuardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years. The California-based firm, which has performed over 500,000 blood tests, is notifying a…GBHACKERS.COM
9 MayDefending against AI and new deepfake technology threats & How an MSSP can help - Jim ... - RSA24 #3The past two years have witnessed an unprecedented surge in the adoption of generative artificial intelligence (AI) across various industries. And while this presents new efficiencies, with these benefits come significant security concerns. The widespread integration of AI applic…YOUTUBE.COM
9 MayASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable TechnologiesToday, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), together with CISA, the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the New Zealand National Cyber Security Centre (NCSC-NZ…CISA.GOV
9 MayCISA Releases Four Industrial Control Systems AdvisoriesCISA released four Industrial Control Systems (ICS) advisories on May 09, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-130-01 Rockwell Automation FactoryTalk Historian SE ICSA-24-130-02 alp…CISA.GOV
9 MayHow Workforce Reductions Affect Cybersecurity PosturesThe Cobalt State of Pentesting Report highlights the challenges faced by the cybersecurity industry in balancing the use of AI and protecting against it, amidst significant workforce reductions and resource constraints.HELPNETSECURITY.COM
9 MayNext Gen Threats, CTEM Essentials, & Proactive MDR - Randy Watkins, Paul Reid, Zaira P... - ESW #361Emerging threats are targeting organizations from seemingly every angle. This means security teams must expand their focus to secure as many domains as possible. OpenText is building on its holistic approach to cybersecurity with new innovations that make it easier for organizati…YOUTUBE.COM
9 MayBreach Roundup: LockBit Claims Wichita AttackAlso: New Attack Threatens VPN User Privacy; Android Malware Targets Finland This week, LockBit claimed responsibility for an attack, British Columbia probed an attack, the "TunnelVision" flaw threatened VPN users' privacy, a CEO was sentenced for a scam, attackers exploited a Wo…DATABREACHTODAY.CO.UK
9 MayCitrix warns admins to manually mitigate PuTTY SSH client bugCitrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. [...]BLEEPINGCOMPUTER.COM
9 MayProtecting Data in the Cloud and GenAI Era - Pranava Adduri - RSA24 #4CISOs encounter challenges in securing data amidst the rapid growth driven by Cloud and GenAI applications. In this segment, we will delve into how Bedrock Security powers frictionless data security, empowering CISOs to securely manage data sprawl, allowing their businesses to op…YOUTUBE.COM
9 MayThe Role of Security Validation to Reduce and Quantify Cyber Risk - Volkan Ertürk - RSA24 #4With scores of security tools implemented, configured, and integrated security teams are overwhelmed while knowing there is still a possibility for a breach. As they work to prioritize threat exposures, it is imperative for organizations to have a clear, context-rich, and up-to-d…YOUTUBE.COM
9 MaySailPoint’s Approach to Unified Identity Security for the Modern Enterprise - Wendy Wu - RSA24 #4The next generation of identity security is not about the popular idea of convergence, but of unification. A single, AI-driven solution that integrates PAM with identity security and access management is the clear path forward to manage and secure all enterprise data through a un…YOUTUBE.COM
9 MayRising Stakes: Unpacking Sophos' 5th Annual State of Ransomware Report - John Shier - RSA24 #4In this podcast segment, we delve into Sophos' fifth annual State of Ransomware report, exploring significant findings and trends in the evolving ransomware landscape. We'll discuss the sharp increase in recovery costs, the strategic targeting of backups by hackers, and the evolv…YOUTUBE.COM
9 MayA Vulnerability in F5 BIG-IP Next Central Manager Could Allow for Remote Code ExecutionA vulnerability has been discovered in F5 BIG-IP Next Central Manager that could allow for remote code execution. BIG-IP Next Central Manager is the management and application orchestration platform used to control BIG-IP Next instances. It can be installed on dedicated hardware …CISECURITY.ORG
9 MayCloud Computing is Evolving - With a Little Help From AISarbjeet Johal of StackPayne on How Generative AI is Improving Cloud Operations Sarbjeet Johal, CEO of StackPayne, discusses how generative AI is transforming cloud computing, empowering developers and driving operational efficiency. Johal breaks down the fierce cloud market comp…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 6[−]
9 MayF5’s Next Central Manager Vulnerabilities Let Hackers Take Full Device Control RemotelyIn a significant cybersecurity development, researchers have uncovered critical vulnerabilities in F5’s Next Central Manager, which could potentially allow attackers to gain full administrative control over the device. This alarming security flaw also creates hidden rogue a…GBHACKERS.COM
9 MayNew Guide: How to Scale Your vCISO Services ProfitablyCybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A vCISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs an…THEHACKERNEWS.COM
9 MayCISA Extends CIRCIA Rule Comment PeriodThe CISA will prolong the comment period for new regulations under the Cyber Incident Reporting for Critical Infrastructure Act for another month after requests from the energy and information technology sectors and other industries.SCMAGAZINE.COM
9 MaySecurity Tools Fail to Translate Risks for ExecutivesCISOs stress the importance of DevSecOps automation to mitigate risks associated with AI and emphasize the need for modernized security tools to combat evolving cyber threats and comply with regulations.HELPNETSECURITY.COM
9 MayWith Nation-State Threats in Mind, Nearly 70 Software Firms Agree to Secure by Design PledgeThe CISA announced the first round of commitments at the RSA Conference on Wednesday, with Director Jen Easterly warning that it was necessary because of widespread hacking campaigns by nation-states like China.THERECORD.MEDIA
9 MayTechnology Giants Join CISA's Secure By Design Pledge68 Tech Companies Join US Cyber Agency's Pledge to Build Security Into Products The U.S. Cybersecurity and Infrastructure Security Agency has announced a new voluntary pledge featuring 68 inaugural members that have committed to take specific actions to improve the security of th…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 20[−]
9 MayTappware - 94,734 breached accountsIn April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum . Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, phy…HAVEIBEENPWNED.COM
9 MayPolish Government Under Sophisticated Cyber Attack From APT28 Hacker GroupThe Polish computer emergency response team CERT.pl has issued a warning about an ongoing cyberattack campaign by the notorious APT28 hacking group, also known as Fancy Bear or Sofacy. The campaign is targeting various Polish government institutions with a new strain of malware. …GBHACKERS.COM
9 MayBangladesh IT Provider Database Compromise: 95k Email Addresses LeakedTappware, a prominent IT service provider, faced a breach when approximately 50GB of its database was leaked on a hacker forum. This database contained 2.3 million rows of data, including sensitive personal information such as names, addresses, and phone numbers of individuals as…GBHACKERS.COM
9 MayUS Advances on Cyber Goals Amid Rapidly Changing Threat Environment, White House SaysDespite the progress in improving cybersecurity posture, the United States still faces various threats, including ransomware attacks, cyberattacks on critical infrastructure, and the growing use of artificial intelligence in malicious activities.NEXTGOV.COM
9 MaySocGholish Attacks Enterprises Via Fake Browser UpdatesEnterprises are being targeted by the malware known as SocGholish through deceptive browser update prompts. This malware, notorious for its stealth and the complexity of its delivery mechanisms, has been identified in a series of incidents involving fake browser updates that tric…GBHACKERS.COM
9 MayCancer patients’ sensitive information accessed by “unidentified parties” after being left exposed by screening lab for yearsA medical lab that specialises in cancer screenings has admitted to an alarming data breach that left sensitive patient information exposed for years - and accessible by unauthorised parties. California-based Guardant Health is notifying affected individuals that information rela…BITDEFENDER.COM
9 MayCyber Attack On Data Center Cooling Systems Leads To DisruptionCritical operational elements such as data storage, processing, backups, and recovery heavily rely on Australian industrial organizations’ data centers. These facilities support various business functions, including productivity tools, transaction-intensive applications, bi…GBHACKERS.COM
9 MayLockBit Takes Credit for City of Wichita Ransomware AttackThe LockBit cybercrime group has taken credit for the recent ransomware attack that disrupted City of Wichita systems. The post LockBit Takes Credit for City of Wichita Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
9 MayGenerative AI is a Looming Cybersecurity ThreatResearchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.CYBERSECURITYDIVE.COM
9 MayAscension warns of suspected cyberattack; clinical operations disruptedsubmitted by hoanbridgetroll to cybersecurity 2 points | 0 comments https://www.reuters.com/technology/cybersecurity/ascension-warns-suspected-cyberattack-clinical-operations-disrupted-2024-05-08/REUTERS.COM
9 MayDell discloses data breach of customers’ physical addressesTechnology giant Dell notified customers on Thursday that it experienced a data breach involving customers’ names and physical addresses. In an email seen by TechCrunch and shared by several people on social media, the computer maker wrote that it was investigating “an incident i…TECHCRUNCH.COM
9 MayDell warns of data breach, 49 million customers allegedly affectedDell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. [...]BLEEPINGCOMPUTER.COM
9 MayUpdate: Boeing Confirms Attempted $200 Million Ransomware Extortion AttemptBoeing confirmed to CyberScoop that it is the unnamed multinational aeronautical and defense corporation referenced in an indictment unsealed Tuesday by the U.S. Department of Justice.CYBERSCOOP.COM
9 MayBritish Columbia investigating cyberattacks on government networksThe Government of British Columbia is investigating multiple "cybersecurity incidents" that have impacted the Canadian province's government networks. [...]BLEEPINGCOMPUTER.COM
9 MayDell Says Customer Names, Addresses Stolen in Database BreachTech giant notifies millions of customers that full names and physical mailing addresses were stolen during a security incident. The post Dell Says Customer Names, Addresses Stolen in Database Breach appeared first on SecurityWeek .SECURITYWEEK.COM
9 MayAscension Responding to Cyberattack Affecting Clinical CareHospital Chain Advised Business Partners to 'Temporarily' Disconnect During Response Ascension, a non-profit, Catholic healthcare system and one of the largest health systems in the United States, has taken some IT systems offline and advised business partners to disconnect from …DATABREACHTODAY.CO.UK
9 MayCryptohack Roundup: BTC-e's Alex Vinnik Pleads GuiltyAlso: Arrests in a $43M Ponzi Scheme and Arrest in ZKasino Case This week, BTC-e head pleaded guilty; arrests were made in Ponzi scheme, ZKasino case; charges filed in Cred scam; individual and Pike Finance were hacked; Hundred Finance's hacker moved stolen funds; the EU took dow…DATABREACHTODAY.CO.UK
9 May$10 million reward offer for apprehension of unmasked LockBit ransomware leaderDo you know Dmitry Yuryevich Khoroshev? If you do, there's a chance that you might well on the way to receiving a reward of up to $10 million. Read more in my article on the Exponential-e blog.EXPONENTIAL-E.COM
9 MayRSA Conference 2024: AI hype overloadCan AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations.WELIVESECURITY.COM
🕵️ THREAT INTELLIGENCE 24[−]
9 MayNews alert: Security Risk Advisors offers free workshop to help select optimal OT security toolsPhiladelphia, Pa., May 8, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) and Extended…LASTWATCHDOG.COM
9 MayISC Stormcast For Thursday, May 9th, 2024 https://isc.sans.edu/podcastdetail/8974, (Thu, May 9th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
9 MayTransatlantic Cable podcast episode 346 | Kaspersky official blogEpisode 346 of the Kaspersky Podcast takes a look at North Korean propaganda sweeping TikTok, Nudify app and more.KASPERSKY.COM
9 MayZscaler Investigates Hacking Claims After Data Offered for SaleZscaler says its customer, production and corporate environments are not impacted after a notorious hacker offers to sell access. The post Zscaler Investigates Hacking Claims After Data Offered for Sale appeared first on SecurityWeek .SECURITYWEEK.COM
9 MayRSA Conference 2024 – Announcements Summary (Day 3)Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco. The post RSA Conference 2024 – Announcements Summary (Day 3) appeared first on SecurityWeek .SECURITYWEEK.COM
9 MayF5 Patches Dangerous Vulnerabilities in BIG-IP Next Central ManagerF5 has patched two potentially serious vulnerabilities in BIG-IP Next that could allow an attacker to take full control of a device. The post F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager appeared first on SecurityWeek .SECURITYWEEK.COM
9 MayPoland says Russian cyberspies targeted government networkssubmitted by kid to cybersecurity 1 points | 0 comments https://www.reuters.com/technology/cybersecurity/poland-says-it-was-targeted-by-hacking-attack-russia-linked-group-apt28-2024-05-08/REUTERS.COM
9 MayBetterHelp Customers Begin Receiving Refund Notices From $7.8M Data Privacy Settlement, FTC SaysBetterHelp customers have started receiving refund notices from a $7.8 million data privacy settlement, the FTC says. The post BetterHelp Customers Begin Receiving Refund Notices From $7.8M Data Privacy Settlement, FTC Says appeared first on SecurityWeek .SECURITYWEEK.COM
9 MaySocial engineering in the era of generative AI: Predictions for 2024Breakthroughs in large language models (LLMs) are driving an arms race between cybersecurity and social engineering scammers. Here’s how it’s set to play out in 2024. For businesses, generative AI is both a curse and an opportunity. As enterprises race to adopt the te…SECURITYINTELLIGENCE.COM
9 MayPoland Says it was Targeted by Russian Military Intelligence HackersPoland’s CERT-PL said on Wednesday that it had observed a large-scale malware campaign, likely carried out by the hacker group APT28, also known as Fancy Bear, associated with Russia’s military intelligence agency, the GRU.THERECORD.MEDIA
9 MayKeyfactor & Devo RSAC CISO Panel DiscussionA panel of CISOs, led by Keyfactor & Devo, discusses CISO best practicesDATABREACHTODAY.CO.UK
9 MayCriminal Use of AI Growing, But Lags Behind DefendersWhen not scamming other criminals, criminals are concentrating on the use of mainstream AI products rather than developing their own AI systems. The post Criminal Use of AI Growing, But Lags Behind Defenders appeared first on SecurityWeek .SECURITYWEEK.COM
9 MayKremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware CampaignPolish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the li…THEHACKERNEWS.COM
9 MayHow Criminals Are Using Generative AIThere’s a new report on how criminals are using generative AI tools: Key Takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to h…SCHNEIER.COM
9 MayAnalyzing PDF Streams, (Thu, May 9th)Occasionaly, Xavier and Jim will ask me specific students&;&;#x23;39; questions about my tools when they teach FOR610: Reverse-Engineering Malware .
ISC.SANS.EDU
9 MayRequest: Guidance from Staff+ Security Engineerssubmitted by shellsharks to cybersecurity 2 points | 0 comments A request for any security engineers who are Lead/Staff/L6 level or above (e.g. Senior Staff, Principal, Sr. Principal, Architect, etc…). What advice would you give to senior engineers (and below) on things they shou…INFOSEC.PUB
9 May[Breaking] The News Is Increasingly Broken. Surge Of Inaccurate AI News StoriesKeeping up to date what is happening is crucial in IT, but the reliability of the news you consume is facing a growing threat.KNOWBE4.COM
9 MayPhishing Attacks Increase, Network Transformation, & Unified SASE as a Service - Deepe... - ESW #361The landscape of phishing attacks continues to rapidly evolve. In 2023, Zscaler ThreatLabz observed a year-over-year increase of 58.2% in global phishing attempts. This surge was characterized by emerging schemes, including voice phishing, recruitment scams, and browser-in-the-br…YOUTUBE.COM
9 MayAccenture Lands $789 Million Contract to Bolster U.S. Navy CybersecurityAccenture Federal Services wins $789 million U.S. Navy SHARKCAGE cybersecurity contract. The post Accenture Lands $789 Million Contract to Bolster U.S. Navy Cybersecurity appeared first on SecurityWeek .SECURITYWEEK.COM
9 MayApps Gone Wild: Re-thinking App and Identity Security for SaaS - Guy Guzner - RSA24 #4With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to …YOUTUBE.COM
9 MayTech Giants Cater to Government With AI ToolsMitre, Microsoft Announce Government-Focused AI Tools This Week Government spies can't just ask ChatGPT how to use artificial intelligence in their jobs. That puts a crimp in American government efforts to apply artificial intelligence - but it's also an opportunity for organizat…DATABREACHTODAY.CO.UK
9 MayMonday.com removes "Share Update" feature abused for phishing attacksProject management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks. [...]BLEEPINGCOMPUTER.COM
9 MayAutomated Pentesting, AI in SecOps, & AI-Powered Analytics - Jason Keirstead, Jay Mar-... - ESW #361Despite building up impressive security stacks in the Cloud, organizations are still struggling to keep their environments safe. Pentera recently introduced Pentera Cloud as the first tool to provide automated pentesting capabilities for cloud environments. This conversation will…YOUTUBE.COM
9 MayISMG Editors: Day 3 Highlights at RSA Conference 2024Panel Discusses Way to Address the Job Shortage, the Latest Product Launches and OT From the RSA Conference in San Francisco, three ISMG editors joined with a CISO to cover highlights from the event including ways to address the shortage and prevent burnout, the latest AI-based s…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 3[−]
9 MayLive Webinar Today | Protecting Your Pipeline: Strategies to Thwart Supply Chain AttacksDATABREACHTODAY.CO.UK
9 MayFBI warns US retailers that hackers are targeting their gift card systemsThe FBI has issued a warning to US retailers about a financially-motivated malicious hacking ring that has been targeting employees with phishing attacks in an attempt to create fraudulent gift cards. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
9 MayOnDemand | Protecting Your Pipeline: Strategies to Thwart Supply Chain AttacksDATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 15[−]
9 MayThe Top Four Things Tech Manufacturers can do to Bolster the Cybersecurity of Target-Rich, Cyber-Poor OrganizationsCISA.GOV
9 MayTwo-Thirds of Organizations Failing to Address AI Risks, ISACA FindsOnly a third of organizations are adequately addressing security, privacy and ethical risks with AI, despite surging use of these technologies in the workplace, according to new ISACA research.INFOSECURITY-MAGAZINE.COM
9 MayReport Shows AI Fraud, Deepfakes are Top Challenges for BanksA report by Mitek Systems reveals that banks are facing a significant challenge with fraud, including traditional issues like money laundering and account takeover, as well as newer threats such as AI-generated fraud and deepfakes.INFOSECURITY-MAGAZINE.COM
9 MayFBI Warns of Gift Card Fraud Ring Targeting Retail CompaniesThe FBI has issued a warning about a hacking group named Storm-0539 targeting retail companies in the United States through phishing attacks on employees in gift card departments.BLEEPINGCOMPUTER.COM
9 MayFindings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSOResearchers at Pen Test Partners successfully bypassed Azure’s MFA requirement for SSO by changing the user-agent of a browser. They used a browser that resembled Chrome on Linux but encountered an error message stating MFA was required.HACKREAD.COM
9 MayLive Webinar | Digital Doppelgängers: The Dual Faces of Deepfake TechnologyDATABREACHTODAY.CO.UK
9 MayCritical Vulnerabilities In BIG-IP Appliances Leave Big Networks Open To IntrusionPACKETSTORMSECURITY.COM
9 MayOne Year On, Universities Org Admits MOVEit Attack Hit Data Of 800k PeoplePACKETSTORMSECURITY.COM
9 MayAT&T delays Microsoft 365 email delivery due to spam waveAT&T's email servers are blocking connections from Microsoft 365 due to a "high volume" spam wave originating from Microsoft's service. [...]BLEEPINGCOMPUTER.COM
9 MayPoland says Russian military hackers target its govt networksPoland says a state-backed threat group linked to Russia's military intelligence service (GRU) has been targeting Polish government institutions throughout the week. [...]BLEEPINGCOMPUTER.COM