Cybersecurity Today: Cloudflare’s DDoS Victory, Russian Hacker Arrests, and Truth Social Scams In this episode of Cybersecurity Today, host Jim Love discusses Cloudflare’s successful mitigation of the largest recorded DDoS attack, showcasing the company’s advanced defense capabilities. The episode also…
Category: EN
New DDoS Attack Vector Discovered in CUPS, Exposing 58,000+ Vulnerable Devices Online
Akamai researchers have identified a critical vulnerability in the Common Unix Printing System (CUPS) that could allow malicious actors to initiate powerful distributed denial-of-service (DDoS) attacks with minimal resources. Approximately 58,000 exposed devices are potentially at risk, posing a serious…
E.U. Court Limits Meta’s Use of Personal Facebook Data for Targeted Ads
Europe’s top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious…
Tools for Cyber Threat Hunting: Enhancing Security Posture
In today’s rapidly evolving digital landscape, organizations face an increasing number of cyber threats. Proactive measures, such as cyber threat hunting, have become essential in identifying and mitigating risks before they escalate. Here are some key tools and techniques that…
Chinese Group Hacked US Court Wiretap Systems
Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to systems used for court-authorized wiretapping. According to a Reuters report, the attack targeted the networks of Verizon Communications, AT&T, and Lumen Technologies. The breach raises severe…
U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Zimbra Collaboration vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Zimbra Collaboration vulnerability CVE-2024-45519 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog. This…
CloudSEK Debuts Free Deep Fake Detection Technology
CloudSEK, a provider of AI-driven cybersecurity solutions, has debuted Deep Fake Detection Technology, which is now available for free. The company says this initiative is part of its commitment to providing society with resources to combat cybercrime. Advanced Deep Fake…
DHS tracks down $ 4.3 billion ransomware payments
An official report from Homeland Security Investigations (HSI) released on October 4, 2024, reveals that department officials have tracked and recovered nearly $4.3 billion in cryptocurrency payments related to ransomware crimes over the past three years. The Department of Homeland…
Check Point Software Acquires Cyberint
Check Point Software, a cybersecurity solutions provider, has acquired Cyberint Technologies, a company specializing in external risk management solutions. This marks Check Point’s third startup acquisition within the past year. Through this acquisition, Check Point will enhance its Security Operations…
The Future of Network Access Control: Transitioning to Universal ZTNA
The way enterprises secure their networks is undergoing a dramatic shift. Traditional Network Access Control (NAC) solutions, once the cornerstone of access security, need help to keep pace with the complexities and dynamism of modern network environments. A recent Gartner…
19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519
A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary commands on affected…
Transforming cloud security with real-time visibility
In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments. He outlines the need for deep visibility into configurations and real-time insights to achieve a balance between agility…
The case for enterprise exposure management
For several years, external attack surface management (EASM) has been an important focus for many security organizations and the vendors that serve them. EASM, attempting to discover the full extent of an organization’s external attack surface and remediate issues, had…
SOC teams are frustrated with their security tools
Security operations center (SOC) practitioners believe they are losing the battle detecting and prioritizing real threats – due to too many siloed tools and a lack of accurate attack signal, according to Vectra AI. They cite a growing distrust in…
Rspamd: Open-source spam filtering system
Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists. The system analyzes each message and…
Meet the shared responsibility model with new CIS resources
You can’t fulfill your end of the shared responsibility model if you don’t emphasize secure configurations. Depending on the cloud services you’re using, you’re responsible for configuring different things. Once you figure out those responsibilities, you then need to perform…
ISC Stormcast For Monday, October 7th, 2024 https://isc.sans.edu/podcastdetail/9168, (Mon, Oct 7th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, October 7th, 2024…
China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems
China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for…
How Cybercriminals Use Stolen Data to Target Companies — A Deep Dive into the Dark Web
The digital world has revolutionized the way we live and work, but it has also opened up a new realm for cybercriminals. The rise of the dark web has provided a breeding ground for hackers and other malicious actors to…
5 hurricane-tracking apps I rely on as a Floridian tech pro – and which one is my favorite
I’ve weathered multiple hurricanes from my South Florida home and refined my approach to preparing for them along the way. These are my essential weather-tracking tools that I use to stay ahead of severe storms. This article has been indexed…