Articles: 94
Categories: 10
Date: 2024-09-12
🚨 CISA KEV (1)
12 Sep [KEV]: Application detection and response is the gap-bridging technology we need
    The concept of detection and response is far from new in cybersecurity — in fact, it’s a core part of the NIST Cybersecurity Framework (CSF) and a fundamental part of any sound cybersecurity program. You must be able to both detect threats and malicious activity and respond to th…
    CSOONLINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (5)
12 Sep: Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
    In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.
    TRENDMICRO.COM
12 Sep: Microsoft Fixes Windows Smart App Control Zero-Day Exploited Since 2018
    Threat actors have been using this flaw, now labeled as CVE-2024-38217, to bypass Smart App Control and MotW security features to run potentially dangerous applications without warnings.
    BLEEPINGCOMPUTER.COM
12 Sep: Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild
    RCE attacks on WhatsUp Gold exploited the Active Monitor PowerShell Script to execute malicious code, as the vulnerabilities CVE-2024-6670 and CVE-2024-6671, patched on August 16, were leveraged to execute remote access tools and gain persistence. Despite the availability of patc…
    GBHACKERS.COM
12 Sep: GitLab warns of critical pipeline execution vulnerability
    GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. [...]
    BLEEPINGCOMPUTER.COM
12 Sep: Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
    GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue w…
    THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE (21)
12 Sep: Oracle adds Zero Trust Packet Routing capability to its cloud platform
    Oracle has added a new zero trust capability to its cloud platform which it says prevents corporate data from being inadvertently exposed through network misconfigurations. Zero Trust Packet Routing for Oracle Cloud Infrastructure (OCI) enables organizations to set security attri…
    CSOONLINE.COM
12 Sep: WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
    WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024. "Accounts with c…
    THEHACKERNEWS.COM
12 Sep: 5G and SASE: Reimagining WAN Infrastructure
    Cellular connectivity was often relegated to a failover connection option. Because of its mobile or remote nature, 5G was used as a primary connection for vehicle fleets, IoT devices, and remote workers in places where wired broadband wouldn’t work or couldn’t be obtained. But th…
    CSOONLINE.COM
12 Sep: The 18 biggest data breaches of the 21st century
    In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How…
    CSOONLINE.COM
12 Sep: Exploiting CI/CD Pipelines for Fun and Profit
    On September 8, 2024, a significant exploit chain was discovered, starting from a publicly exposed .git directory, leading to a full server takeover. The vulnerabilities stem from websites exposing their .git folders.
    RAZZSECURITY.COM
12 Sep: Microsoft Discloses Four Zero-Days in September Update
    Microsoft recently revealed four zero-day vulnerabilities in its September update, part of the Patch Tuesday release containing 79 vulnerabilities, making it the fourth-largest release of the year.
    DARKREADING.COM
12 Sep: Inc Ransom Attack Analysis: Extortion Methodologies
    The attack lifecycle involved initial access gained through a firewall vulnerability, followed by enumeration of network shares and lateral movement using Impacket and pass-the-hash attacks.
    RELIAQUEST.COM
12 Sep: CosmicBeetle Exploiting Old Vulnerabilities To Attacks SMBs All Over The World
    CosmicBeetle, a threat actor specializing in ransomware, has recently replaced its old ransomware, Scarab, with ScRansom, a custom-built ransomware that continues to evolve. The threat actor has been actively targeting SMBs worldwide, exploiting vulnerabilities to gain acce…
    GBHACKERS.COM
12 Sep: New Loki Backdoor Attacking macOS Systems
    Cody Thomas developed Apfell, an open-source macOS post-exploitation framework, in 2018 and evolved into Mythic, a cross-platform framework that addresses the limitations of existing tools. Mythic provides a unified interface for managing agents written in various languages…
    GBHACKERS.COM
12 Sep: Global Cybersecurity Workforce Growth Flatlines, Stalling at 5.5 Million Pros
    According to ISC2, the global cybersecurity workforce growth has stagnated at 5.5 million professionals, increasing by just 0.1% in a year, marking the sector's first stall since 2019.
    CYBERSECURITYDIVE.COM
12 Sep: Transport for London continues to struggle with cyber attack
    Transport for London, which manages public transport for the British capital, continues to experience technical disruptions from a cyberattack on September 1. It reported the cyberattack at the beginning of September and since then has been working with government agencies includ…
    CSOONLINE.COM
12 Sep: Critical Vulnerabilities in JPEG 2000 Library Let Attackers Execute Remote Code
    Exploiting memory corruption vulnerabilities in server-side software often requires knowledge of the binary and environment, which limits the attack surface, especially for unknown binaries and load-balanced environments. Successful exploitation is challenging due to the di…
    GBHACKERS.COM
12 Sep: Cisco Releases Security Updates for IOS XR Software
    Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply…
    CISA.GOV
12 Sep: CISA Releases Twenty-Five Industrial Control Systems Advisories
    CISA released twenty-five Industrial Control Systems (ICS) advisories on September 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-256-01 Siemens SINEMA Remote Connect Server ICSA-24-256-0…
    CISA.GOV
12 Sep: Adobe Releases Security Updates for Multiple Products
    Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Secur…
    CISA.GOV
12 Sep: corp I did not know had my data was breached; then they offer to have a privacy abuser (Cloudflare) MitM credit monitoring txns. WTF?!
    submitted by soloActivist to cybersecurity
    Apparently some company I do business with shared my data with another corp without me knowing, then that corp who I did not know had my data was breached. WTF? Then the breached corp who could not competently secur…
    INFOSEC.PUB
12 Sep: Hackers targeting WhatsUp Gold with public exploit since August
    Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software. [...]
    BLEEPINGCOMPUTER.COM
12 Sep: Fake recruitment campaign targets developers using trojanized Python packages
    The number of attacks looking to compromise developer machines has exploded in recent years. There has been a barrage of malicious packages uploaded to public registries such as PyPi and npm, sophisticated attempts by APT groups to infiltrate popular projects and make malicious c…
    CSOONLINE.COM
12 Sep: New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram
    Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages. Singapore-headquartered…
    THEHACKERNEWS.COM
12 Sep: Breach Roundup: Mexico in Hacker Spotlight
    Also: Critical WHOIS Vulnerability Exposes Internet Security Flaw in .mobi Domains This week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened af…
    DATABREACHTODAY.CO.UK
12 Sep: GPS Modernization Stalls as Pentagon Faces Chip Shortages
    New Report Warns of Continued Delays and Deficiencies in Federal GPS Modernization The Space Force is suffering from years of delays, setbacks and shortcomings in its Global Positioning System modernization program, according to a Government Accountability Office report, which fo…
    DATABREACHTODAY.CO.UK
📋 SECURITY BULLETINS (3)
12 Sep: As quantum computing threats loom, Microsoft updates its core crypto library
    submitted by BrikoX to cybersecurity
    https://arstechnica.com/security/2024/09/microsoft-adds-quantum-resistant-algorithms-to-its-core-crypto-library/
    Two algorithms added so far, two more planned in the coming months.
    ARSTECHNICA.COM
12 Sep: September Patch Tuesday addresses 79 CVEs
    Seven critical-severity vulnerabilities addressed, including an extraordinary (but narrow) Windows Update flaw
    SOPHOS.COM
12 Sep: Cisco Patches High-Severity Vulnerabilities in Network Operating System
    Cisco has announced security updates that patch eight vulnerabilities in IOS XR software, including six high-severity bugs.
    SECURITYWEEK.COM
📢 SECURITY ADVISORIES (9)
12 Sep: Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack
    Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cy…
    THEHACKERNEWS.COM
12 Sep: Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe
    The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's foundational artificial intelligence (AI) model to determine whether the tech giant has adhered to data protection regulations in the region when proces…
    THEHACKERNEWS.COM
12 Sep: DockerSpy: Search for Images on Docker Hub, Extract Sensitive Information
    Created to combat data leaks within publicly available Docker images, DockerSpy automates the process of scanning for secrets to enhance security and compliance. Its scanning engine can identify various secret types and provides detailed analysis.
    HELPNETSECURITY.COM
12 Sep: Microsoft Is Adding New Cryptography Algorithms
    Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one …
    SCHNEIER.COM
12 Sep: Recent Cyber Security Laws & Regulations - Lee Kim - PSW #842
    Lee comes on the show to discuss:
    * EU CRA - https://en.wikipedia.org/wiki/Cyber_Resilience_Act - its impact on bringing products to market and the challenges of enforcing such laws that require products to be "Secure"
    * Recent legislation on disputes for federal agency fines - C…
    YOUTUBE.COM
12 Sep: Cryptohack Roundup: $20.5M Indodax Theft
    Also: Angel Drainer Resurfaces; Russia's Sanctions Evasion Ploy This week, Indodax was hacked, Angel Drainer resurfaced, Russia developed Infra crypto, GS Partners settled with U.S. states, Caroline Ellison to be sentenced Sept. 24, FCA prosecuted first unregistered crypto case, …
    DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING (9)
12 Sep: New Developer-As-A-Service In Hacking Forums Empowering Phishing And Cyberattacks
    SCATTERED SPIDER, a ransomware group, leverages cloud infrastructure and social engineering to target insurance and financial institutions by using stolen credentials, SIM swaps, and cloud-native tools to gain and maintain access, impersonating employees to deceive victims. …
    GBHACKERS.COM
12 Sep: New PIXHELL Acoustic Attack Leaks Secrets From LCD Screen Noise
    New acoustic attack named 'PIXHELL' can leak secrets from air-gapped systems through LCD monitors without speakers. Malware modulates pixel patterns to induce noise in the 0-22 kHz range, allowing data exfiltration up to 2 meters at 20 bps.
    BLEEPINGCOMPUTER.COM
12 Sep: Healthcare Provider to Pay $65M Settlement Following Ransomware Attack
    Lehigh Valley Health Network has agreed to pay a $65 million settlement in a class-action suit filed over a 2023 data breach.
    SECURITYWEEK.COM
12 Sep: Amateurish 'CosmicBeetle' Ransomware Stings Turkish SMBs
    submitted by kid to cybersecurity
    https://www.darkreading.com/cyberattacks-data-breaches/amateurish-cosmicbeetle-ransomware-targets-smbs-turkey
    DARKREADING.COM
12 Sep: New RansomHub Attack Uses TDSSKiller and LaZagne, Disables EDR
    The RansomHub ransomware gang has been found using Kaspersky's TDSSKiller tool to disable EDR software on target systems, allowing for credential harvesting with LaZagne.
    THREATDOWN.COM
12 Sep: Transport for London confirms customer data stolen in cyberattack
    Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. [...]
    BLEEPINGCOMPUTER.COM
12 Sep: UK arrests teen linked to Transport for London cyber attack
    U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency. [...]
    BLEEPINGCOMPUTER.COM
12 Sep: Fortinet confirms data breach after hacker claims to steal 440GB of files
    Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. [...]
    BLEEPINGCOMPUTER.COM
12 Sep: UK Labels Data Centers as Critical National Infrastructure
    British Government Says Data Centers Are 'Essential for Functioning of Society' The U.K. government on Thursday designated data centers as part of its critical national infrastructure in a move intended to prevent the loss of sensitive user data during disruptive cyberattacks. A …
    DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE (25)
12 Sep: Hygiene, Hygiene, Hygiene! [Guest Diary], (Wed, Sep 11th)
    [This is a Guest Diary by Paul Olson, an ISC intern as part of the SANS.edu BACS program]
    ISC.SANS.EDU
12 Sep: Google’s AI Model Faces European Union Scrutiny From Privacy Watchdog
    Ireland’s Data Protection Commission said it has opened an inquiry into Google’s Pathways Language Model 2, also known as PaLM2.
    SECURITYWEEK.COM
12 Sep: Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences
    Criminal IP, a distinguished leader in Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, announced that it has successfully integrated its IP address-related risk detection data with IPLocation.io, one of the most visited IP analysis and lookup tools on the int…
    GBHACKERS.COM
12 Sep: News alert: Opus Security’s new ‘Advanced Multi-Layered Prioritization Engine’ elevates VM
    Palo Alto, Calif., Sept. 11, 2024, CyberNewsWire — Opus Security, the leader in unified cloud-native remediation, today announced the launch of its Advanced Multi-Layered Prioritization Engine, designed to revolutionize how organizations manage, prioritize and remediate se…
    LASTWATCHDOG.COM
12 Sep: News alert: Criminal IP partners with IPLocation.io to deliver new tech to mitigate IP address evasion
    Torrance, Calif., Sept. 11, 2024, CyberNewsWire — Criminal IP, a distinguished leader in Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, announced that it has successfully integrated its IP address-related risk detection data with IPLocation.io, one of…
    LASTWATCHDOG.COM
12 Sep: Hackers Mimic Google, Microsoft & Amazon Domains for Phishing Attacks
    Phishing remains a significant concern for both individuals and organizations. Recent findings from ThreatLabz have highlighted the alarming prevalence of phishing attacks targeting major brands, with Google, Microsoft, and Amazon emerging as the top three most impersonated compa…
    GBHACKERS.COM
12 Sep: ToneShell Backdoor Targets IISS Defence Summit Attendees in Latest Espionage Campaign
    The ToneShell backdoor, attributed to the Mustang Panda cyber espionage group, has resurfaced in a new attack targeting attendees of the 2024 IISS Defence Summit in Prague.
    SECURITYONLINE.INFO
12 Sep: Apple Vision Pro’s Eye Tracking Exposed What People Type
    submitted by BrikoX to cybersecurity
    https://www.wired.com/story/apple-vision-pro-persona-eye-tracking-spy-typing/
    The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed …
    WIRED.COM
12 Sep: Iranian Hackers Targeting Iraqi Government: Security Firm
    Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks.
    SECURITYWEEK.COM
12 Sep: Threat Actors Using New Malware Toolkit That Involves IIS Backdoor, DNS Tunneling
    The Iranian threat actor APT34, also known as GreenBug, has recently launched a new campaign targeting Iraqi government entities by employing a custom toolset, including a novel IIS backdoor and DNS tunneling protocol. The malware used in this campaign shares similarities with pr…
    GBHACKERS.COM
12 Sep: How I got started: AI security executive
    Artificial intelligence and machine learning are becoming increasingly crucial to cybersecurity systems. Organizations need professionals with a strong background that mixes AI/ML knowledge with cybersecurity skills, bringing on board people like Nicole Carignan, Vice President o…
    SECURITYINTELLIGENCE.COM
12 Sep: Evasion Tactics Used By Cybercriminals To Fly Under The Radar
    Relentless in their methods, attackers will continue employing evasion tactics to circumvent traditional security measures.
    SECURITYWEEK.COM
12 Sep: Palo Alto Networks Patches Dozens of Vulnerabilities
    Palo Alto Networks has fixed medium- and high-severity vulnerabilities in PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser.
    SECURITYWEEK.COM
12 Sep: Non-Human IAM Provider Aembit Raises $25 Million
    Aembit has raised $25 million in Series A funding to protect non-human identities and minimize attack surface.
    SECURITYWEEK.COM
12 Sep: Mastercard to Acquire Threat Intelligence Firm Recorded Future for $2.6 Billion
    Financial services giant Mastercard is acquiring Recorded Future from private equity firm Insight Partners for $2.6 billion.
    SECURITYWEEK.COM
12 Sep: Realm.Security Emerges From Stealth With $5 Million in Seed Funding
    Realm.Security has emerged from stealth with $5 million in funding and a solution that helps organizations manage security data.
    SECURITYWEEK.COM
12 Sep: Aembit Raises $25 Million in Series A Funding for Non-Human Identity and Access Management
    The investment will drive the company’s advancement of scalable workload access management for enterprises Aembit, the leading non-human identity and access management (IAM) company, has secured $25 million in Series A funding, bringing its total capital raised to nearly $45 mill…
    GBHACKERS.COM
12 Sep: Mastercard to Acquire Threat Intel Firm Recorded Future for $2.65 Billion
    In a strategic move to bolster its cybersecurity capabilities, Mastercard has announced an agreement to acquire Recorded Future, a leading global threat intelligence company, for $2.65 billion. This acquisition, from Insight Partners, aims to enhance Mastercard’s existing s…
    GBHACKERS.COM
12 Sep: Mastercard Buys Threat Intel Firm Recorded Future for $2.65B
    Deal Will Help Mastercard Offer Greater Protection, Trust for Digital Transactions Mastercard plans to buy threat intelligence firm Recorded Future for $2.65 billion to enhance cyber resilience and offer greater protection and trust around digital transactions. The deal will enha…
    DATABREACHTODAY.CO.UK
12 Sep: News alert: Aembit raises $25M Series A funding for non-human Identity and Access Management
    Silver Spring, MD, Sept. 12, 2024, CyberNewsWire – Aembit, the leading non-human identity and access management (IAM) company, has secured $25 million in Series A funding, bringing its total capital raised to nearly $45 million. Acrew Capital led the …
    LASTWATCHDOG.COM
12 Sep: Wifi Vulns, Yubikeys, and Firmware - PSW #842
    Don't tell the FCC there is a new Flipper firmware release, unpatchable?, argv[0] and sneaking past defenses, protect your registries, someone solved my UART RX problem, PKFail update, legal threats against security researchers documented, EDR bypass whack-a-mole continues, emula…
    YOUTUBE.COM
12 Sep: New Chrome Features Protect Users Against Threats, Provide More Control Over Personal Data
    Google is rolling out new features in Chrome to better protect users online and to improve their control over personal data.
    SECURITYWEEK.COM
12 Sep: Operant AI Lands $10M Investment to Boost Runtime Protection for Cloud and AI
    Operant AI, a startup specializing in runtime protection for cloud applications, APIs, and AI systems, secures new $10 million investment.
    SECURITYWEEK.COM
12 Sep: Kernel Mode Under the Microscope at Windows Security Summit
    Company Focused on Safe Deployment Practices, Reducing Kernel Mode Dependencies Cutting kernel mode dependencies and adopting safe deployment practices will make endpoint systems more resilient and secure for Windows customers. Tuesday's meeting came two months after a faulty Cro…
    DATABREACHTODAY.CO.UK
12 Sep: New Vo1d malware infects 1.3 million Android streaming boxes
    Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. [...]
    BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE (5)
12 Sep: Top 3 Threat Report Insights for Q2 2024
    Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato’s global customers, between April and June 2024. Ke…
    THEHACKERNEWS.COM
12 Sep: Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide
    Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void). "It is a backdoor that puts its components in the system storage area and, when co…
    THEHACKERNEWS.COM
12 Sep: WordPress plugin and theme developers told they must use 2FA
    Starting October 1, WordPress plugin and theme developers must enable 2FA. This move aims to boost security and help prevent supply-chain attacks from targeting millions of websites. Read more in my article on the Tripwire State of Security blog.
    TRIPWIRE.COM
🎙️ PODCASTS (1)
12 Sep: Smashing Security podcast #384: A room with a view, AI music shenanigans, and a cocaine bear
    It's a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity vete…
    GRAHAMCLULEY.COM
📡 INFOSEC NEWS (15)
12 Sep: Kali Linux 2024.3 Released: 11 New Tools, Qualcomm Snapdragon SDM845 SoC Support
    Kali Linux 2024.3 has been released with 11 new tools and added support for Qualcomm Snapdragon SDM845 SoC devices. This release emphasizes behind-the-scenes updates and optimization.
    HELPNETSECURITY.COM
12 Sep: Cyber Staffing Shortages Remain CISOs' Biggest Challenge
    A recent report by Command Zero highlights the struggles CISOs and their teams are dealing with, including navigating the skills gap in the cyber field and operating commonly used tools effectively.
    DARKREADING.COM
12 Sep: Cybersecurity is a Fundamental Component of Patient Care and Safety
    A multipronged cybersecurity approach is necessary for the healthcare sector, involving technology investments, staff training, and collaboration between stakeholders to develop industry-wide standards and best practices.
    HELPNETSECURITY.COM
12 Sep: India Needs Better Cybersecurity for Space Systems
    Dr. Sreedhara Panicker Somanath, chairman of the Indian Space Research Organization, emphasized the importance of cybersecurity for the entire system during the recent inauguration of a cybersecurity training center.
    DARKREADING.COM
12 Sep: Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking
    Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Ta…
    THEHACKERNEWS.COM
12 Sep: Hacker tricks ChatGPT into giving out detailed instructions for making homemade bombs
    An explosives expert told TechCrunch that the ChatGPT output could be used to make a detonatable product and was too sensitive to be released.
    TECHCRUNCH.COM
12 Sep: Standing on the Windows platform, waiting for change
    In the wake of a gathering of industry leaders at Microsoft to discuss the endpoint-security ecosystem, some thoughts
    SOPHOS.COM
12 Sep: This hardware router VPN bypasses geo-restrictions, now an extra $10 off
    Bypass geo-restrictions for good. Order this VPN router for $159 with free shipping when you enter code CONNECT at checkout. This offer ends September 29 at 11:59 PM Pacific. [...]
    BLEEPINGCOMPUTER.COM
12 Sep: FBI: Reported cryptocurrency losses reached $5.6 billion in 2023
    The FBI says that 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, based on nearly 70,000 reports received through the Internet Crime Complaint Center (IC3). [...]
    BLEEPINGCOMPUTER.COM