Amazon Web Services (AWS) successfully completed an onboarding audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, and 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. Ernst and Young CertifyPoint auditors conducted the…
PSA: These ‘Microsoft Support’ ploys may just fool you
We came across a clever abuse of Google and Microsoft’s services that fooled us for a minute. See if you could have spotted it. This article has been indexed from Malwarebytes Read the original article: PSA: These ‘Microsoft Support’…
Why the NSA advises you to turn off your phone once a week
Powering off your phone regularly, disabling Bluetooth, and using only trusted accessories are just a few of the NSA’s security recommendations. Here’s what else to know. This article has been indexed from Latest stories for ZDNET in Security Read the…
Fortifying the future of Security for AI: Cisco Announces intent to acquire Robust Intelligence
Cisco announces a significant step in securing the AI-driven enterprise with intent to acquire Robust Intelligence, Inc., a trailblazing company at the forefront of AI security solutions. This article has been indexed from Cisco Blogs Read the original article: Fortifying…
Microsoft mistake blows up admins’ inboxes with fake malware alerts
Legitimate emails misclassified in software snafu. Updated: Many administrators have had a trying Monday after getting spammed out with false malware reports by Microsoft.… This article has been indexed from The Register – Security Read the original article: Microsoft mistake…
Slack Fixes AI Security Flaw After Expert Warning
Slack, the popular communication platform used by businesses worldwide, has recently taken action to address a potential security flaw related to its AI features. The company has rolled out an update to fix the issue and reassured users that…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-7971 Google Chromium V8 Type Confusion Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to…
Audit Finds Notable Security Gaps in FBI’s Storage Media Management
The FBI lacks proper policies and controls for tracking and disposing of storage media, leading to risks of loss or theft. The audit also identified physical security gaps in the media destruction process at FBI facilities. This article has been…
Seattle airport ‘possible cyberattack’ snarls travel yet again
No word yet on if ransomware is to blame. The Port of Seattle, which operates the Seattle-Tacoma International Airport, is investigating a “possible cyberattack” after computer outages disrupted the airport’s operations and delayed flights.… This article has been indexed from…
Watchdog warns FBI is sloppy on secure data storage and destruction
National security data up for grabs, Office of the Inspector General finds. The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of…
Vulnerability Summary for the Week of August 19, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source Info Patch Info Liquid Web–GiveWP Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.14.1. 2024-08-19 10 CVE-2024-37099 audit@patchstack.com webdevmattcrom–GiveWP Donation…
SonicWall addressed an improper access control issue in its firewalls
SonicWall addressed a critical flaw in its firewalls that could allow attackers to achieve unauthorized access to the devices. SonicWall has released security updates to address a critical vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), in its firewalls. The vulnerability is…
Marketing Data Security Threats Are Rising: Where CMOs See Gaps
A new report from the CMO Council and KPMG shows that building strong relationships between marketing and data security teams is crucial, but one-third of partnerships struggle with collaboration. This article has been indexed from Cyware News – Latest Cyber…
Vulnerability Prioritization is Only the Beginning
Vulnerability prioritization is crucial in managing security threats but is only the beginning. Knowing which vulnerabilities to address is not enough; the focus should be on quickly addressing and mitigating them. This article has been indexed from Cyware News –…
Chinese APT Volt Typhoon Caught Exploiting Versa Networks SD-WAN Zero-Day
Malware hunters catch Chinese APT Volt Typhoon exploiting a zero-day in Versa Director servers used by ISPs and MSPs. The post Chinese APT Volt Typhoon Caught Exploiting Versa Networks SD-WAN Zero-Day appeared first on SecurityWeek. This article has been indexed…
Navigating PCI DSS 4.0: Insights from Industry Experts on Client-Side Security
With the March 2025 PCI DSS 4.0 deadline looming, organizations face new challenges, particularly in securing against eSkimming threats. At a recent Source Defense roundtable, industry experts shared crucial insights on navigating these changes. Learn how to prepare for compliance…
SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766: CVE-2024-40766 is an improper access control vulnerability in the “SonicWall…
Summer 2024 SOC report now available with 177 services in scope
We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that the Summer 2024 System and Organization Controls (SOC) 1 report is now available. The report covers 177 services over the 12-month…
1,000,000 WordPress Sites Protected Against Unique Remote Code Execution Vulnerability in WPML WordPress Plugin
On June 19th, 2024, we received a submission for a Remote Code Execution via Twig Server-Side Template Injection vulnerability in WPML, a WordPress plugin with more than 1,000,000 active installations. The post 1,000,000 WordPress Sites Protected Against Unique Remote Code…
Fraud Tactics and the Growing Prevalence of AI Scams
Hiya, a call-blocking service, identified nearly 20 billion spam calls in the first half of 2024, with over 107 million spam calls daily. Of the 42 countries analyzed, 25 had spam flag rates exceeding 20%, some even surpassing 50%. This…