We had such an overwhelming response to our first article, which shared industry expert opinions during Cybersecurity Awareness Month, that we’ll be publishing another few articles with more expert insights over the next few weeks. Following on with the theme…
Category: EN
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to…
The Internet Archive slammed by DDoS attack and data breach
The Internet Archive, the nonprofit organization that digitizes and archives materials like web pages, came under attack Wednesday. Several users – including over at The Verge – confronted a pop-up when visiting the site, reading, “Have you ever felt like…
Disinformation Campaign Targets Moldova Ahead of Presidential Elections and EU Membership Referendum
A cyber-enabled disinformation campaign, dubbed Operation MiddleFloor, is targeting Moldova’s government and educational sectors, according to Check Point Research. The campaign began in early August and appears to have been aimed at influencing the country’s presidential elections on 20 October,…
Widening talent pool in cyber with on-demand contractors
Filling roles within the cyber sector is an ongoing battle. The shortfall of workers risks creating a vicious cycle within existing cyber teams: With fewer team members to spread the workload on, you risk burning out security professionals. Many make…
Firefox Zero-Day Under Attack: Update Your Browser Immediately
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline…
Network Penetration Testing Checklist – 2024
Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and…
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include…
Balancing legal frameworks and enterprise security governance
In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the context of evolving regulatory frameworks. McAndrew also addresses the need for clear governance…
Investing in Privacy by Design for long-term compliance
In this Help Net Security interview, Bojan Belušić, Head of Information Security & IT Operations at Microblink, discusses the relationship between Privacy by Design and regulatory frameworks like GDPR. Integrating privacy principles from the outset of product and process development…
Consumers have trust issues regarding how AI collects their data
Consumers worldwide are highly concerned about the information companies collect from them – especially when it’s used for AI, according to Cohesity. The majority of respondents (73% in the UK, 81% in the US and 82% in Australia) criticized companies…
GPTHoney: A new class of honeypot [Guest Diary], (Thu, Oct 10th)
[This is a Guest Diary by Christopher Schroeder, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: GPTHoney: A new class of honeypot…
What lies ahead for AI in cybersecurity
AI is becoming recognized for its potential to strengthen cybersecurity measures and tackle the skills gap across various sectors. Its ability to streamline data management processes boosts efficiency and strengthens security protocols. However, the rise of GenAI has raised alarms…
Internet Archive Breach Exposes 31 Million Users
The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks. This article has been indexed from Security Latest Read the original article: Internet Archive…
ISC Stormcast For Thursday, October 10th, 2024 https://isc.sans.edu/podcastdetail/9174, (Thu, Oct 10th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, October 10th, 2024…
Internet Archive leaks user info and succumbs to DDoS
31 million users’ usernames, email addresses and salted-encrypted passwords are out there The Internet Archive had a bad day on the infosec front, after being DDoSed and exposing user data.… This article has been indexed from The Register – Security…
Third-Party Pitfalls: Securing Private Data in Government Operations
The post Third-Party Pitfalls: Securing Private Data in Government Operations appeared first on Votiro. The post Third-Party Pitfalls: Securing Private Data in Government Operations appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original…
Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware
USB sticks help, but it’s unclear how tools that suck malware from them are delivered A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of custom malware, according…
Internet Archive – 31,081,179 breached accounts
In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes. This article has been indexed from Have…
Smart TVs are spying on everyone
Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Smart TVs are watching their viewers and harvesting their data to benefit brokers using the same ad technology that denies…