Reading, writing, and cyber mayhem, amirite? If we were to draw an infosec Venn diagram, with one circle representing “sensitive info that attackers would want to steal” and the other “limited resources plus difficult-to-secure IT environments,” education would sit in…
Category: EN
Misinformation, Online Scams Surging Following Historic Hurricanes
Bad actors often take advantage of natural disasters, and especially hurricanes, in times of crisis. Hurricanes Helene and Milton pose significant new online threats, including misinformation and fraud. The post Misinformation, Online Scams Surging Following Historic Hurricanes appeared first on…
Casio Hit by Cyberattack Causing Service Disruption Amid Financial Challenges
Japanese tech giant Casio recently experienced a cyberattack on October 5, when an unauthorized individual accessed its internal networks, leading to disruptions in some of its services. The breach was confirmed by Casio Computer, the parent company behind the…
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics…
Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two…
Wireshark 4.4.1 Released, (Sun, Oct 13th)
Wireshark release 4.4.1 fixes 2 vulnerabilities and 27 bugs. One of these bugfixes is for the missing IP address plugin on Windows, see “Wireshark 4.4's IP Address Functions”. This article has been indexed from SANS Internet Storm Center, InfoCON: green…
Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale
U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked cyber espionage group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) target vulnerable Zimbra and JetBrains TeamCity servers as…
Microsoft’s guidance to help mitigate Kerberoasting
Kerberoasting, a well-known Active Directory (AD) attack vector, enables threat actors to steal credentials and navigate through devices and networks. Microsoft is sharing recommended actions administrators can take now to help prevent successful Kerberoasting cyberattacks. The post Microsoft’s guidance to…
USENIX NSDI ’24 – Known Knowns and Unknowns: Near-Realtime Earth Observation Via Query Bifurcation In Serval
Authors/Presenters:Bill Tao, Om Chabra, Ishani Janveja, Indranil Gupta, Deepak Vasisht Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI ’24) content, placing the organizations enduring…
New Yunit Infostealer Bypasses Windows Defender and Steals Sensitive Data
A new information-stealing malware has been discovered that is capable of exfiltrating a large amount of sensitive information while also disabling antivirus products to create persistence on target endpoints. CYFIRMA cybersecurity researchers have published a detailed investigation of the…
How to Recover a Hacked Gmail Account Even After a Security Breach
Having your Gmail account hacked can feel like a nightmare, especially when recovery details like phone numbers and email addresses have been changed by a hacker. Fortunately, recovering a compromised account is still possible, even if most security and…
Comcast Data Breach Impacts Thousands, Sensitive Information Compromised
Comcast Cable Communications LLC reports that it is a victim of a data breach compromising personal information of more than 237,000 individuals, including 22 residents of Maine. According to an investigation, the breach is traced back to Financial Business…
A cyber attack hit Iranian government sites and nuclear facilities
As Middle East tensions rise, cyberattacks hit Iran’s government branches and nuclear facilities, following Israel’s response to Iran’s October 1 missile barrage. Amid escalating Middle East tensions, Iran faced major cyberattacks Saturday, disrupting its government branches and targeting nuclear facilities.…
GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe
ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities This article has been indexed from WeLiveSecurity Read the original article: GoldenJackal jumps the air gap ……
How to Stop Your Data From Being Used to Train AI
Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more. This article has been indexed from Security Latest…
‘Chat control’: The EU’s controversial CSAM-scanning legal proposal explained
The European Union has a longstanding reputation for strong privacy laws. But a legislative plan to combat child abuse — which the bloc formally presented back in May 2022 — is threatening to downgrade the privacy and security of hundreds…
NextGen Identity Management
Federal agencies face a pivotal cybersecurity challenge: prevent unauthorized entities from accessing systems and facilities, while granting authorized federal employees and contractors access commensurate with verified need. Two factors complicate… The post NextGen Identity Management appeared first on Cyber Defense…
Voice Cloning and Deepfake Threats Escalate AI Scams Across India
The rapid advancement of AI technology in the past few years has brought about several benefits for society, but these advances have also led to sophisticated cyber threats. India is experiencing explosive growth in digital adoption, making it one…
American Water Works faces Cyberattack
American Water Works, the country’s largest provider of water services to 14 states, recently reported that it was cyber attacked on its information technology system. The current report has indicated that operational technology systems that control delivery of water within…
Mitigating the Risks of Shadow IT: Safeguarding Information Security in the Age of Technology
In today’s world, technology is integral to the operations of every organization, making the adoption of innovative tools essential for growth and staying competitive. However, with this reliance on technology comes a significant threat—Shadow IT. Shadow IT refers to…