97Articles
8Categories
2024-05-13Date
🚨 CISA KEV 1[−]
13 May KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-4671 Google Chromium in Visuals Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyb…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
13 MayRidding your network of NTLMMicrosoft has hinted at a possible end to NTLM a few times, but with quite a few Windows 95 or 98 in use that do not support the alternative, Kerberos, it won’t be an easy job to do. There is the option to disable NTLM when using Azure Active Directory but that may not always be …CSOONLINE.COM
13 May KEVMicrosoft Edge Zero-Day Vulnerability Exploited in the WildA zero-day vulnerability in Microsoft Edge, which has been tagged as CVE-2024-4671, has been aggressively exploited by evil organizations, according to reports. This security flaw originates from the Chromium engine that underpins the browser. Chromium is also the foundation for …GBHACKERS.COM
13 MayCritical Cacti Vulnerability Let Attackers Execute Remote CodeCacti, the widely utilized network monitoring tool, has recently issued a critical security update to address a series of vulnerabilities, with the most severe being CVE-2024-25641. This particular vulnerability has been assigned a high severity rating with a CVSS score of 9.1, i…GBHACKERS.COM
13 MayExperts Warn the NVD Backlog Is Reaching a Breaking PointFederal Database Nears 10,000 Unanalyzed Vulnerabilities Amid Halt in Operations The National Vulnerability Database is currently suffering from a backlog of nearly 10,000 unanalyzed common vulnerabilities and exposures amid an apparent halt in data enrichment operations and a gr…DATABREACHTODAY.CO.UK
⚠️ VULNERABILITY DISCLOSURE 23[−]
13 May KEVHackers Exploiting Vulnerabilities 50% Faster, Within 4.76 DaysCybersecurity researchers are sounding the alarm that hackers are exploiting software vulnerabilities faster than ever before. A new report from Fortinet found that in the second half of 2023, the average time between a vulnerability being disclosed and actively exploited in the …GBHACKERS.COM
13 MayMY TAKE: RSAC 2024’s big takeaway: rules-based security is out; contextual security is taking overKINGSTON, Wash. — U.S. Secretary of State Antony Blinken opened RSA Conference 2024 last week issuing a clarion call for the cybersecurity community to defend national security, nurture economic prosperity and reinforce democratic values. Related: The power of everyman conv…LASTWATCHDOG.COM
13 MayHuman body pose recognition using Wi-Fi signal | Kaspersky official blogResearchers have trained an AI model to detect a person and recognize their pose through Wi-Fi signals, using ordinary routers as both the source and receiver.KASPERSKY.COM
13 MayFeds, Military Personnel Compete in President’s Cyber Cup ChallengeArtificially Intelligent — a team of four Army servicemembers and one from the Air Force — won the 2024 President’s Cyber Cup Challenge, a five-year-old competition open to federal government and U.S. military personnel.NEXTGOV.COM
13 MayApache OFBiz RCE Flaw Let Attackers Execute Malicious Code RemotelyMany businesses use enterprise resource planning (ERP) systems like Apache OFBiz. However, it has been found to have significant security holes that let attackers run harmful code from afar without being verified. Businesses that depend on Apache OFBiz for budgeting, human resour…GBHACKERS.COM
13 MayCyber Security Today, May 13, 2024 - Europol police portal hacked, report on Black Basta ransomware gang is released, and moreThis episode reports on a warning from security researchers about a VPN vulnerability, a suspected Russian threat actor using generative AI tools to plagiarize or modify legitimate news stories from mainstream media to pump pro-Russian themes, and moreCYBERSECURITYTODAY.LIBSYN.COM
13 MayPasswordless Authentication Standard FIDO2 Flaw Let Attackers Launch MITM AttacksFIDO2 (Fast Identity Online) is a passwordless authentication method developed by FIDO Alliance to prevent Man-in-the-Middle (MiTM) attacks, Phishing attacks, and session hijacking attacks. This FIDO2 authentication works using a physical or embedded key. However, this secure pas…GBHACKERS.COM
13 MaySevere Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various IndustriesCybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code exe…THEHACKERNEWS.COM
13 May$2.5 Million Offered at Upcoming ‘Matrix Cup’ Chinese Hacking ContestThe Chinese hacking contest Matrix Cup is offering big rewards for exploits targeting OSs, smartphones, enterprise software, browsers, and security products. The post $2.5 Million Offered at Upcoming ‘Matrix Cup’ Chinese Hacking Contest appeared first on SecurityWeek …SECURITYWEEK.COM
13 MayLLMs’ Data-Control Path InsecurityBack in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hack…SCHNEIER.COM
13 MayIntelBroker steals classified data from the Europol websiteThe EU’s law enforcement agency, Europol, has fallen victim to a data breach compromising sensitive, classified data on one of its web platforms, Europol Platform for Experts (EPE). According to a Europol statement to BleepingComputer, the breach affects a small group of individu…CSOONLINE.COM
13 May‘Got that boomer!’: How cyber-criminals steal one-time passcodes for SIM swap attacks and raiding bank accountsEstate is an invite-only website that has helped hundreds of attackers make thousands of phone calls aimed at stealing account passcodes, according to its leaked database. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
13 MayGoTo Meeting Software Abused to Deploy Remcos RAT via Rust Shellcode LoaderA recent malware campaign was found exploiting the GoTo Meeting software to deploy the Remcos RAT by using DLL sideloading to execute a malicious DLL file named g2m.dll through a Rust-based shellcode loader.GDATASOFTWARE.COM
13 MayCinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other SectorsA critical vulnerability in the Cinterion cellular modems can be exploited for remote code execution via SMS messages. The post Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors appeared first on SecurityWeek .SECURITYWEEK.COM
13 MayHelsinki suffers data breach after hackers exploit unpatched flawThe City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. [...]BLEEPINGCOMPUTER.COM
13 MayGoogle and Apple deliver support for unwanted tracking alerts in Android and iOSGoogle and Apple have worked together to create an industry specification – Detecting Unwanted Location Trackers – for Bluetooth tracking devices that makes it possible to alert users across both Android and iOS if such a device is unknowingly being used to track them. This will …SECURITY.GOOGLEBLOG.COM
13 MayApple Patch Day: Code Execution Flaws in iPhones, iPads, macOSApple documents another zero-day flaw being exploited on older iPhones and documents security problems in macOS, iOS and iPadOS. The post Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS appeared first on SecurityWeek .SECURITYWEEK.COM
13 MayINC ransomware source code selling on hacking forums for $300,000A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. [...]BLEEPINGCOMPUTER.COM
13 MayFCC reveals Royal Tiger, its first tagged robocall threat actorThe Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. [...]BLEEPINGCOMPUTER.COM
13 MayApple backports fix for RTKit iOS zero-day to older iPhonesApple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. [...]BLEEPINGCOMPUTER.COM
13 MayIdentity Resilience: The Next Frontier in Security - Ray Zadjmool - BSW #350In today's enterprises, the Identity Access Management (IAM) System is the key to a business' critical operations. But that IAM environment is more vulnerable than most security executives realize. Segment Resources: https://www.mightyid.com/articles/the-r-in-itdr-the-missing-pie…YOUTUBE.COM
13 MayApple backports fix for zero-day exploited in attacks to older iPhonesApple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks. [...]BLEEPINGCOMPUTER.COM
13 MayCISA Updates Toolkit with Nine New Resources to Promote Public Safety Communications and Cyber ResiliencySince its last update in February 2024, the Toolkit has been updated to Version 24.1 with nine new resources.CISA.GOV
📢 SECURITY ADVISORIES 11[−]
13 MayBlack Basta Ransomware Strikes 500+ Entities Across North America, Europe, and AustraliaThe Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructu…THEHACKERNEWS.COM
13 MayState Attorneys General Implore Congress Not to Preempt Their Privacy LawsFifteen state attorneys general on Wednesday called on Congress to prevent new federal comprehensive data privacy legislation from preempting 17 states’ existing or recently passed laws protecting consumer privacy.THERECORD.MEDIA
13 MayUS and China to Hold Discussions on AI Risks and SecurityBiden administration officials lowered expectations about the discussions during a call with reporters, saying the talks were "not focused on promoting any technical cooperation" between the two world superpowers on AI or emerging technologies.BANKINFOSECURITY.COM
🔥 INCIDENT REPORTING 19[−]
13 MayOhio Lottery Hacked: 500,000+ Customers Data ExposedA major cybersecurity breach happened at the Ohio Lottery, letting people into its private systems without permission. The breach wasn’t found until April 5, 2024, so the information of about 538,959 people was out in the open for months. People’s private personal inf…GBHACKERS.COM
13 MayExtracting data from encrypted virtual disks: six methodsFor incident responders, a variety of techniques for information retrieval from locked-up VMsSOPHOS.COM
13 MayFBCS Collection Agency Data Breach Impacts 2.7 MillionFinancial Business and Consumer Solutions (FBCS) says the personal information of 2.7 million was impacted in the recent data breach. The post FBCS Collection Agency Data Breach Impacts 2.7 Million appeared first on SecurityWeek .SECURITYWEEK.COM
13 MayBlack Basta Ransomware Hit Over 500 OrganizationsThe US government warns of Black Basta ransomware attacks targeting critical infrastructure organizations. The post Black Basta Ransomware Hit Over 500 Organizations appeared first on SecurityWeek .SECURITYWEEK.COM
13 MayHow Did Authorities Identify the Alleged Lockbit Boss?Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don…KREBSONSECURITY.COM
13 May'The Mask' Espionage Group Resurfaces After 10-Year Hiatussubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/-the-mask-espionage-group-resurfaces-after-10-year-hiatusDARKREADING.COM
13 MayCinterion IoT Cellular Modules Vulnerable to SMS CompromiseModules Widely Deployed in Manufacturing, Telecommunications and Healthcare Devices Multiple types of Telit Cinterion cellular modules for IoT and machine-to-machine devices, which are widely used across industrial, financial services, telecommunications and healthcare environmen…DATABREACHTODAY.CO.UK
13 MayThe 2024 Browser Security Report Uncovers How Every Web Session Could be a Security MinefieldWith the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive dat…THEHACKERNEWS.COM
13 MayBlack Basta Ransomware Group's Worldwide Victim Count Tops 500The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies.INFOSECURITY-MAGAZINE.COM
13 MayTycoon 2FA Attacking Microsoft 365 AND Google Users To Bypass MFATycoon 2FA, a recently emerged Phishing-as-a-Service (PhaaS) platform, targets Microsoft 365 and Gmail accounts, which leverage an Adversary-in-the-Middle (AitM) technique to steal user session cookies, bypassing multi-factor authentication (MFA) protections. By acting as an inte…GBHACKERS.COM
13 MayScattered Spider Attacking Finance & Insurance Industries WorldWideHackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own. These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual property. When their system i…GBHACKERS.COM
13 MayEasy Passwords, BIG-IP, Ascension, Lockbit, Google, Poland, ZScaler, Aaran Leyland... - SWN #385Easy Passwords, BIG-IP, Ascension, Lockbit, Google, Poland, ZScaler, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-385YOUTUBE.COM
13 MayEuropol Investigating Breach After Hacker Offers to Sell Classified DataEuropol is investigating a data breach, but says no core systems are impacted and no operational data has been compromised. The post Europol Investigating Breach After Hacker Offers to Sell Classified Data appeared first on SecurityWeek .SECURITYWEEK.COM
13 MayBotnet sent millions of emails with LockBit Black ransomware payloads​Since April, a new large-scale LockBit Black ransomware campaign has sent millions of phishing emails via the Phorpiex botnet. [...]BLEEPINGCOMPUTER.COM
13 MayBotnet sent millions of emails in LockBit Black ransomware campaignSince April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. [...]BLEEPINGCOMPUTER.COM
13 MayFeds, Groups Warn Health Sector of Black Basta ThreatsAdvisories Come As Black Basta Appears Responsible for Ascension Ransomware Attack U.S. federal authorities warn that the Russian-speaking ransomware group Black Basta is actively targeting American critical infrastructure amid reports that it's behind the ransomware attack on ho…DATABREACHTODAY.CO.UK
13 MayHuman Risk Crisis: 8% of Employees Cause 80% of IncidentsMimecast's Masha Sedova on Using a Metrics-Driven Approach to Mitigate Human Risk More than two-thirds of breaches involve the human element. Traditional security awareness initiatives, often fixated on training participation and engagements, are inadequate in mitigating incident…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 21[−]
13 MayISC Stormcast For Monday, May 13th, 2024 https://isc.sans.edu/podcastdetail/8978, (Mon, May 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 MayUS and China to Hold Discussions on AI Risks and SecurityWhite House Announces High-Level Talks With Beijing on Advanced AI Systems Senior White House officials will hold a series of high-level conversations with Chinese counterparts on the security and risks associated with advanced artificial intelligence systems, U.S. officials told…DATABREACHTODAY.CO.UK
13 MayNmap 7.95 released – What’s New!Nmap’s version 7.95 emerges as a testament to the relentless efforts of its development team, spearheaded by the renowned Gordon Fyodor Lyon. The update showcases the remarkable processing of over 6,500 new OS and service detection fingerprints, underscoring the tool’…GBHACKERS.COM
13 MayDebate rages over DMCA Section 1201 exemption for generative AIThe Digital Millennium Copyright Act (DMCA) is a federal law that protects copyright holders from online theft. The DMCA covers music, movies, text and anything else under copyright. The DMCA also makes it illegal to hack technologies that copyright owners use to protect their wo…SECURITYINTELLIGENCE.COM
13 MayPro-Russia hackers targeted Kosovo government websitessubmitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/163041/hacking/pro-russia-hackers-targeted-kosovo.htmlSECURITYAFFAIRS.COM
13 MayRussian Hackers Hijack Ukrainian TV to Broadcast Victory Day ParadeRussia-aligned hackers hijacked several Ukrainian television channels on Thursday to broadcast a Victory Day parade in Moscow, commemorating the defeat of Nazi Germany in World War II.THERECORD.MEDIA
13 MayReality Hijacked: Deepfakes, GenAI, and the Emergent Threat of Synthetic Media"Reality Hijacked" isn't just a title—it's a wake-up call. The advent and acceleration of GenAI is redefining our relationship with 'reality' and challenging our grip on the truth.KNOWBE4.COM
13 MayUntangling IT-OT Security Knots with a Zero Trust Platform ApproachIndustrial enterprises can address complex challenges by integrating IT and OT security, using a unified platform built on Zero Trust principles. The post Untangling IT-OT Security Knots with a Zero Trust Platform Approach appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
13 MayMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
13 May‘Russian’ Hackers Deface Potentially Hundreds of Local British News SitesThe group published a breaking news story titled “PERVOKLASSNIY RUSSIAN HACKERS ATTACK” on the sites of titles owned by Newsquest Media Group. There is no evidence the story was reproduced in print.THERECORD.MEDIA
13 MayCyberthreat Landscape Permanently Altered by Chinese Operations, US Officials SayUS officials say that a notorious Chinese hacking operation named Volt Typhoon has permanently altered the cyberthreat landscape by moving beyond traditional nation-state espionage goals and instead aiming to cause disruption and sow societal panic.THERECORD.MEDIA
13 MayNATO Draws a Cyber Red Line in Tensions With RussiaWeakening liberal democracies and weakening the NATO alliance are conjoined in the hybrid war that Russia is conducting against Ukraine. The post NATO Draws a Cyber Red Line in Tensions With Russia appeared first on SecurityWeek .SECURITYWEEK.COM
13 MayNews alert: Criminal IP and Quad9 collaborate to exchange domain and IP threat intelligenceTorrance, Calif., May 13, 2024, CyberNewsWire — Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially on the IP … …LASTWATCHDOG.COM
13 MayNew alert: Logicalis enhances global security services with the launch of Intelligent SecurityLondon, United Kingdom, May 13, 2024, CyberNewsWire — Logicalis, the global technology service provider delivering next-generation digital managed services, has today announced the launch of Intelligent Security, a blueprint approach to its global security portfolio designe…LASTWATCHDOG.COM
13 MayCriminal IP and Quad9 Collaborate to Exchange Domain and IP Threat IntelligenceCriminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially on the IP address to protect users by blocking threats to end users.…GBHACKERS.COM
13 MayLogicalis Enhances Global Security Services with The Launch of Intelligent SecurityLogicalis, the global technology service provider delivering next-generation digital managed services, has today announced the launch of Intelligent Security, a blueprint approach to its global security portfolio designed to deliver proactive advanced security for customers world…GBHACKERS.COM
13 MayHackers use DNS tunneling for network scanning, tracking victimsThreat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. [...]BLEEPINGCOMPUTER.COM
13 MayChina and US Envoys Will Hold First Top-Level Dialogue on Artificial IntelligenceChina’s official Xinhua news agency said the two sides would take up issues including the technological risks of AI and global governance. The post China and US Envoys Will Hold First Top-Level Dialogue on Artificial Intelligence appeared first on SecurityWeek .SECURITYWEEK.COM
13 MayDefenders' Dilemma: Can AI Bolster Cyber Resilience?Visa's Subra Kumaraswamy on Threat Detection, AI and Third-Party Supply Chain Risk Subra Kumaraswamy, senior vice president and CISO at Visa, discusses how organizations can bolster cyber resilience by using strategic deployment of AI to enhance threat detection capabilities, for…DATABREACHTODAY.CO.UK
13 MayHow 'Radical Transparency' Can Bolster CybersecurityEx-DHS Official Suzanne Spaulding and Jim Richberg of Fortinet on Critical Concepts The concept of "responsible radical transparency" plays a critical role in efforts to improve the state of cybersecurity, said Suzanne Spaulding, former undersecretary, Department of Homeland Secu…DATABREACHTODAY.CO.UK
13 MayMicrosoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management and positioned based on our Ability to Execute Completeness of vision. The post Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Infor…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
13 MaySelfie Spoofing Becomes Popular Identity Document Fraud TechniqueSelfie spoofing and document image-of-image fraud have become the most prevalent identity document fraud techniques, with older demographics being targeted at nearly four times the rate, according to Socure.HELPNETSECURITY.COM
13 MayRSAC: Experts Highlight Novel Cyber Threats and TacticsCybersecurity experts at the RSA Conference highlighted the growing sophistication of cyber threats, including the expanding attack surface, identity-based attacks leveraging AI-generated deepfakes, and the use of generative AI to create malware.INFOSECURITY-MAGAZINE.COM
13 MayMITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded DevicesThe MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. "The model provides a cultivated knowledge base of cyber threats to embedded devices, providing …THEHACKERNEWS.COM
13 MayPyPi package backdoors Macs using the Sliver pen-testing suiteA new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 14[−]
13 MayMalicious Python Package Hides Sliver C2 Framework in Fake Requests Library LogoCybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the proje…THEHACKERNEWS.COM
13 MayFIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX PayloadsThe financially motivated group FIN7 has been observed leveraging malicious Google ads that impersonate legitimate brands to deliver NetSupport RAT, highlighting the ongoing threat of malvertising and the abuse of signed MSIX files by cybercriminals.ESENTIRE.COM
13 MayMalicious Go Binary Delivered via Steganography in PyPIThe malicious package, called "requests-darwin-lite", was a fork of the popular "requests" Python package. The attacker used the cmdclass feature in the setup.py file to customize the package installation process.PHYLUM.IO
13 MayAI-Powered Russian Network Pushes Fake Political NewsSecurity researchers have discovered a major new Russian disinformation campaign using generative AI (GenAI) to “plagiarize and weaponize” content from major news organizations, in a bid to influence Western voters.INFOSECURITY-MAGAZINE.COM
13 MayGenAI Enables Cybersecurity Leaders to Hire More Entry-Level TalentAroudn 93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk.HELPNETSECURITY.COM
13 MaySHQ Response Platform and Risk Centre to Enable Management and Analysts AlikeIn the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments,…THEHACKERNEWS.COM
13 MayResearchers Use MITM Attack to Bypass FIDO2 Phishing-Resistant ProtectionThe passwordless authentication standard FIDO2 has a critical flaw that allows attackers to launch Man-in-the-Middle (MitM) attacks and bypass authentication, gaining access to users' private areas and potentially removing their registered devices.SILVERFORT.COM
13 MayNmap 7.95 Released With New OS and Service Detection SignaturesNmap 7.95 introduces a substantial update with 336 new signatures, expanding the total to 6,036. Notable additions include support for the latest iOS versions 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2.HELPNETSECURITY.COM
13 MayUK's AI Safety Institute Unveils Platform to Accelerate Safe AI DeveloThe platform, called Inspect, is set to pave the way for the safe innovation of AI models, according to the AI Safety Institute and Department for Science, Innovation and Technology (DIST).INFOSECURITY-MAGAZINE.COM
13 MayHow Secure is the “Password Protection” on Your Files and Drives?Password protection alone is not enough to securely protect files and drives, as it can be easily circumvented, and hardware-based encryption is recommended for robust data security.HELPNETSECURITY.COM
13 MayDownload the SASE and SSE enterprise buyer’s guideThese two related technologies — Secure Access Service Edge (SASE) and Secure Service Edge (SSE) — address a new set of challenges that enterprise IT faces as employees shifted to remote work and applications migrated to the cloud. Enterprise Buyer’s Guides, Network Security, Rem…US.RESOURCES.CSOONLINE.COM
13 MayPrison for cybersecurity expert selling private videos from inside 400,000 homesA Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private photos and videos from vulnerable "wallpad" cameras in 400,000 private households. Read more in my article on the Hot for Security blog.BITDEFENDER.COM