Category: EN

Myrror Security Emerges From Stealth Mode With $6 Million in Funding

Myrror Security emerges from stealth mode to disrupt supply chain attacks with binary-to-source code analysis. The post Myrror Security Emerges From Stealth Mode With $6 Million in Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

37 Vulnerabilities Patched in Android With November 2023 Security Updates

The Android security updates released this week resolve 37 vulnerabilities, including a critical information disclosure bug. The post 37 Vulnerabilities Patched in Android With November 2023 Security Updates appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

How to Select the Right Cyber Risk Management Services

As organizations recognize the importance of cyber risk management, the challenge of selecting the right cyber risk management services for the company comes. An efficient cyber risk management program can help organizations to protect their critical assets and data from…

Read more →

New SEC Disclosure Rules Demand Better CISO Communication

The SEC’s charges against SolarWinds and its CISO follow a new set of rules that put greater responsibility on organizations’ leadership. The post New SEC Disclosure Rules Demand Better CISO Communication appeared first on Security Boulevard. This article has been…

Read more →

IBM introduces cloud-native SIEM to empower today’s security teams

IBM announced a major evolution of its flagship IBM QRadar SIEM product: redesigned on a new cloud-native architecture, built specifically for hybrid cloud scale, speed and flexibility. IBM also unveiled plans for delivering generative AI capabilities within its threat detection…

Read more →

On Election Day, CISA and Partners Coordinate on Security Operations

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from CISA News Read the original article: On Election Day, CISA and Partners Coordinate on Security Operations

Read more →

Roundtable: Bridging the Tech Skills Gap: Do You Need More than a Degree?

In this roundtable discussion, experts give their views on the current state of the tech skills gap and what practical actions businesses like yours can take to close that gap and deliver the highly skilled people your company needs to…

Read more →

IBM X-Force Discovers Gootloader Malware Variant- GootBot

By Deeba Ahmed GootBot: New Gootloader Variant Evades Detection with Stealthy Lateral Movement. This is a post from HackRead.com Read the original post: IBM X-Force Discovers Gootloader Malware Variant- GootBot This article has been indexed from Hackread – Latest Cybersecurity…

Read more →

Confidence in File Upload Security is Alarmingly Low. Why?

Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications.  The benefits are undeniable; however, this shift presents new security challenges.  OPSWAT’s 2023 Web Application Security report reveals: 75% of organizations have modernized their…

Read more →

New GootLoader Malware Variant Evades Detection and Spreads Rapidly

A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. “The GootLoader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt…

Read more →

Malwarebytes makes B2B unit spin-off official, launches ThreatDown

U.S.-based cybersecurity giant Malwarebytes today launched ThreatDown, a new brand that encompasses its business software portfolio and B2B-focused unit, the company confirmed to TechCrunch. Earlier this year, Malwarebytes let go of approximately 100 employees as part of a wider plan to…

Read more →

Veeam fixed multiple flaws in Veeam ONE, including critical issues

Veeam addressed multiple vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform, including two critical issues. Veeam addressed four vulnerabilities (CVE-2023-38547, CVE-2023-38548, CVE-2023-38549, CVE-2023-41723) in the Veeam ONE IT infrastructure monitoring and analytics platform. The vulnerability CVE-2023-38547 (CVSS…

Read more →

Cloud Foundry Foundation updates Korifi to simplify Kubernetes developer experience

Cloud Foundry Foundation announced the latest release of Korifi, a Platform-as-a-Service (PaaS) that takes a major step forward in reducing the complexity of Kubernetes while improving the application deployment experience. The Korifi update includes support for Docker images and deploying…

Read more →

VMware advances IT modernization and security

VMware announced advanced automation capabilities and expanded third-party integrations delivered through the Anywhere Workspace platform that provide organizations with the tools needed to simplify IT workflows, enhance security, and improve overall efficiencies. “Implementing automation capabilities across all aspects of IT…

Read more →

Suspicious Microsoft Authenticator requests don’t trigger notifications anymore

Microsoft Authenticator will suppress suspicious authentication prompts to protect users against social engineering attacks. Microsoft has now enabled the security feature, which it unveiled back in August 2023. Microsoft Authenticator is a […] Thank you for being a Ghacks reader.…

Read more →

Okta breach happened after employee logged into personal Google account

Okta has concluded that the root cause of its breach was an employee storing company credentials in a private Google account. This article has been indexed from Malwarebytes Read the original article: Okta breach happened after employee logged into personal…

Read more →

Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals

Five Canadian hospitals have confirmed a ransomware attack as data allegedly stolen from them was posted online. The post Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Federal Push for Secure-by-Design: What It Means for Developers

Secure-by-design is clearly important to the federal government, and there is a strong possibility that it will become a regulatory requirement for the critical industries enforced through an Executive Order. The post Federal Push for Secure-by-Design: What It Means for…

Read more →

Moving Beyond CVSS Scores for Vulnerability Prioritization

Since 2016, new vulnerabilities reported each year have nearly tripled. With the increasing number of discovered vulnerabilities, organizations need to prioritize which of them need immediate attention. However, the task of prioritizing vulnerabilities for patching can be challenging, as it…

Read more →

Winter Vivern’s Roundcube Zero-Day Exploits

In a recent cybersecurity development, an elusive threat actor named Winter Vivern aimed its sights at the popular Roundcube webmail software, successfully exploiting a zero-day vulnerability on October 11th. This breach allowed unauthorized access to sensitive email messages, causing alarm…

Read more →

What a Bloody San Francisco Street Brawl Tells Us About the Age of Citizen Surveillance

When a homeless man attacked a former city official, footage of the onslaught became a rallying cry. Then came another video, and another—and the story turned inside out. This article has been indexed from Security Latest Read the original article:…

Read more →

Looking Ahead: Highlights from ENISA’s Foresight 2030 Report

One of the most important factors in the technology and cybersecurity industries is the inevitable presence of constant change. Technology, business, and industry are always evolving, while cybercriminals are always searching for new and innovative ways to attack. While there…

Read more →

Google introduces real-time scanning on Android devices to fight malicious apps

It doesn’t matter if you have a smartphone, a tablet, a laptop, or a desktop computer. Whatever your computing device of choice, you don’t want it impacted by malware. And although many of us are familiar with the concept of…

Read more →

Pro-Palestinian hackers group ‘Soldiers of Solomon’ disrupted the production cycle of the biggest flour production plant in Israel

Pro-Palestinian hackers group ‘Soldiers of Solomon’ claims to have hacked one of the largest Israeli flour plants causing severe damage to the operations. The Pro-Palestinian hackers group ‘Soldiers of Solomon’ announced that it had breached the infrastructure of the production…

Read more →

Cybersecurity M&A Roundup: 31 Deals Announced in October 2023

Thirty-one cybersecurity-related merger and acquisition (M&A) deals were announced in October 2023. The post Cybersecurity M&A Roundup: 31 Deals Announced in October 2023 appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →

Looney Tunables bug exploited for cryptojacking

Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native…

Read more →

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described…

Read more →

Cerber Ransomware hackers target Atlassian Confleunce servers

A recent study conducted by the cybersecurity firm Rapid7 has revealed that multiple ransomware groups are actively targeting vulnerabilities in Atlassian Confluence Servers. One such criminal group, responsible for the distribution of Cerber Ransomware, is exploiting these vulnerabilities in Confluence…

Read more →

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Iran-linked Agonizing Serpens group has been targeting Israeli organizations with destructive cyber attacks since January. Iran-linked Agonizing Serpens group (aka Agrius, BlackShadow, Pink Sandstorm, DEV-0022) has been targeting Israeli organizations in higher education and tech sectors with destructive cyber attacks since January 2023. Palo…

Read more →

LinkedIn Scraped and Faked Data (2023) – 5,820,276 breached accounts

In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses…

Read more →

VMware Explore Barcelona 2023: Enhanced Private AI and Sovereign Cloud Services Announced

VMware’s Private AI platform will include interoperability with Intel, IBM’s watsonx and Kyndryl. This article has been indexed from Security | TechRepublic Read the original article: VMware Explore Barcelona 2023: Enhanced Private AI and Sovereign Cloud Services Announced

Read more →

Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities…

Read more →

Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule

Mandiant/Google Cloud’s Jill C. Tyson offers up timelines, checklists, and other guidance around enterprise-wide readiness to ensure compliance with the new rule. This article has been indexed from Dark Reading Read the original article: Steps to Follow to Comply With…

Read more →

Intensified Israeli Surveillance Has Put the West Bank on Lockdown

The West Bank was Israel’s surveillance laboratory. Since the Israel-Hamas war began, Palestinian residents have been locked in for days at a time. This article has been indexed from Security Latest Read the original article: Intensified Israeli Surveillance Has Put…

Read more →

7 free cyber threat maps showing attack intensity and frequency

Cyber threat maps are one of the most visually engaging tools in the arsenal of cybersecurity professionals. These real-time visualizations provide a global perspective on digital threats, showcasing the intensity and frequency of attacks as they happen. This article lists…

Read more →

How AI is transforming consumer privacy expectations

Consumers are concerned about their privacy with AI. Cisco discovered that 60% had lost trust in organizations due to their AI use. In this Help Net Security video, Robert Waitman, Director of Cisco’s Privacy Center of Excellence, discusses consumers’ perceptions…

Read more →

Kubescape 3.0 elevates open-source Kubernetes security

Targeted at the DevSecOps practitioner or platform engineer, Kubescape, the open-source Kubernetes security platform has reached version 3.0. Vulnerability scan results Kubescape 3.0 features Kubescape 3.0 adds new features that make it easier for organizations to secure their Kubernetes clusters,…

Read more →

Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now

Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows – CVE-2023-38547 (CVSS score: 9.9) – An unspecified flaw that can…

Read more →

Outdated cryptographic protocols put vast amounts of network traffic at risk

Cryptography is largely taken for granted – rarely evaluated or checked – a practice that could have devastating consequences for businesses as attack surfaces continue to expand, the cost of a data breach rises year-over-year, and the age of quantum…

Read more →

Automatic Conditional Access policies in Microsoft Entra streamline identity protection

To help our customers be secure by default, we’re rolling out Microsoft managed Conditional Access policies that will automatically protect tenants. The post Automatic Conditional Access policies in Microsoft Entra streamline identity protection appeared first on Microsoft Security Blog. This…

Read more →

E-commerce Armor: Ensuring Secure Payment Processing

The ability to securely process payments is a crucial component of any successful e-commerce business. This article will explore the benefits, types, security concerns, compliance… The post E-commerce Armor: Ensuring Secure Payment Processing appeared first on Security Zap. This article…

Read more →

Endpoint security getting a boost from AI and machine learning

The endpoint security market is becoming increasingly diverse as vendors incorporate AI, ML and zero trust. This article has been indexed from Security News | VentureBeat Read the original article: Endpoint security getting a boost from AI and machine learning

Read more →

EFF to Ninth Circuit: Activists’ Personal Information Unconstitutionally Collected by DHS Must Be Expunged

EFF filed an amicus brief in the U.S. Court of Appeals for the Ninth Circuit in a case that has serious implications for people’s First Amendment rights to engage in cross-border journalism and advocacy. In 2019, the local San Diego…

Read more →

Kinsing Cyberattackers Debut ‘Looney Tunables’ Cloud Exploits

Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials. This article has been indexed from Dark Reading Read the original article: Kinsing Cyberattackers Debut ‘Looney Tunables’ Cloud Exploits

Read more →

Online store exposed millions of Chinese citizen IDs

A security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet. Viktor Markopoulos, a security researcher working for CloudDefense.ai, said he found the database belonging to…

Read more →

Cloud Connectivity: Learn How to Connect the Cloud (The Right Way)

Learn how to connect to the cloud, no matter your current skill level. Explore all-new tutorials on cloud connectivity, upcoming releases, and the ENCC Specialist certification, available now as a concentration exam in the CCNP Enterprise certification track. This article…

Read more →

ICE faces heat after agents install thousands of personal apps, VPNs on official phones

Audit: Craptastic security could potentially put govt info in hands of enemies America’s immigration cops have pushed back against an official probe that concluded their lax mobile device security potentially put sensitive government information at risk of being stolen by…

Read more →

Randall Munroe’s XKCD ‘Doctor’s Office’

via the comic artistry and dry wit of Randall Munroe, creator of XKCD! Permalink The post Randall Munroe’s XKCD ‘Doctor’s Office’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Randall Munroe’s…

Read more →

DEF CON 31 – Bohan Liu, Zheng Wang, GuanCheng Li ‘ndays Are Also 0days’

Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada; via the organizations YouTube channel. Permalink The post DEF…

Read more →

Okta Breach Linked to Employee’s Google Account, Affects 134 Customers

By Waqas Some of the most prominent victims of the data breach include Cloudflare, 1Password, and BeyondTrust. This is a post from HackRead.com Read the original post: Okta Breach Linked to Employee’s Google Account, Affects 134 Customers This article has…

Read more →

CVSS 4.0 Arrived As The New Vulnerability Scoring Standard

After announcing the upgradation of the CVSS 3.0 scoring system in June, this week, FIRST… CVSS 4.0 Arrived As The New Vulnerability Scoring Standard on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article…

Read more →

Discord Adopts Temporary CDN Links To Prevent Malware

After inadvertently becoming the vector to spread malware several times, Discord has devised a strategy… Discord Adopts Temporary CDN Links To Prevent Malware on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has…

Read more →

Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams

With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you believe it. This article has been indexed from Dark Reading Read the original article: Virtual Kidnapping: AI Tools Are Enabling…

Read more →

Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks

Previously limited to initial access brokering, the Gootloader group has pivoted to a nasty post-compromise “GootBot” attack, each implant with its own C2. This article has been indexed from Dark Reading Read the original article: Gootloader Aims Malicious, Custom Bot…

Read more →

Vulnerability Summary for the Week of October 30, 2023

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info contec — solarview_compact_firmware An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. 2023-10-27 9.8…

Read more →

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

Windows drivers and Exchange flaws highlight the importance of safeguarding digital environments against evolving threats this week. The post Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws appeared first on eSecurity Planet. This article has…

Read more →

Novel Google Cloud RAT Uses Calendar Events for C2

Cybercriminals are abusing legitimate functions within cloud services, and providers can’t totally stop them, especially when it comes to innovative approaches like this. This article has been indexed from Dark Reading Read the original article: Novel Google Cloud RAT Uses…

Read more →

Google Play Store just unveiled a security badge for some apps. Here’s what it means

Starting with VPN apps, Google will display unique badges for apps in the Play Store that prioritize user security and privacy. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Google Play Store…

Read more →

Ransomware continues to rise in October across all sectors

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Security Resources and Information from TechTarget Read the original article: Ransomware continues to rise in October across…

Read more →

Digital Rights Updates with EFFector 35.14

There’s been lots of news and updates recently in the realm of digital rights, from EFF’s recent investigation (and quiz!) into the student monitoring tool GoGuardian, to a recent victory in California regarding law enforcement’s sharing of ALPR data outside…

Read more →

New Facebook Whistleblower Comes Forward Alleging Company Failed To Protect Young Users

The post New Facebook Whistleblower Comes Forward Alleging Company Failed To Protect Young Users appeared first on Facecrooks. Several years ago, a former Facebook employee named Frances Haugen released troves of internal company documents that revealed it was aware of…

Read more →

Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Dark Reading Read the original article: Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM

Read more →

Excelsior University Contends for National Cyber League Competition Title

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Dark Reading Read the original article: Excelsior University Contends for National Cyber League Competition Title

Read more →

Elevating the standard for cybersecurity education

Learn about OffSec’s unique approach to cybersecurity education. Better understand a comprehensive learning ecosystem that emphasizes a continuous cycle of learning, from hands-on offensive techniques to defensive strategies, and join a community dedicated to real-world cybersecurity excellence. The post Elevating…

Read more →

Congress Shouldn’t Limit The Public’s Right To Fight Bad Patents

The U.S. Senate Subcommittee on Intellectual Property will debate a bill this week that would dramatically limit the public’s right to challenge bad granted patents. The PREVAIL Act, S. 2220 would bar most people from petitioning the U.S. Patent and…

Read more →

Critical Confluence flaw exploited in ransomware attacks

Experts warn threat actors that started exploiting a recent critical flaw CVE-2023-22518 in Confluence Data Center and Confluence Server. Over the weekend threat actors started exploiting a recently disclosed vulnerability (CVE-2023-22518) in all versions of Atlassian Confluence Data Center and…

Read more →

Travelers to Acquire Cyberinsurance Firm Corvus for $435 Million

Property and casualty insurance giant Travelers has entered into an agreement to acquire Corvus Insurance Holdings for approximately $435 million. The post Travelers to Acquire Cyberinsurance Firm Corvus for $435 Million appeared first on SecurityWeek. This article has been indexed…

Read more →

Authentication Systems Decoded: The Science Behind Securing Your Digital Identity

Cybersecurity is a continuous journey, but with solid authentication systems, this trip can be safer for everyone on board. The post Authentication Systems Decoded: The Science Behind Securing Your Digital Identity appeared first on Security Boulevard. This article has been…

Read more →

GUEST ESSAY: How to mitigate the latest, greatest phishing variant — spoofed QR codes

QR code phishing attacks started landing in inboxes around the world about six months ago. Related: ‘BEC’ bilking on the rise These attacks prompt the target to scan a QR code and trick them into downloading malware or sharing sensitive…

Read more →

US Focus on Cybersecurity, But Contractors Lag Behind in Preparedness

  The leaders of the Five Eyes, a coalition of English-speaking intelligence agencies, have emphasized the critical nature of safeguarding sensitive information in cyberspace, especially in light of the escalating tensions with The People’s Republic of China, which they have…

Read more →

How is Brave’s ‘Leo’ a Better Generative AI Option?

Brave Browser  Brave is a Chromium-based browser, running on Brave search engine, that restricted tracking for personal ads.  Brave’s new product – Leo – is a generative AI assistant, on top of Anthropic’s Claude and Meta’s Llama 2. Apparently, Leo…

Read more →

Middle East’s 5G Acceleration May Pose Serious Security Issues

Telcos across the Middle East are rapidly rolling out 5G networks. Will this accelerated adoption lead to higher security vulnerabilities? This article has been indexed from Dark Reading Read the original article: Middle East’s 5G Acceleration May Pose Serious Security…

Read more →

CISA Published When to Issue VEX Information

Today, CISA published When to Issue Vulnerability Exploitability eXchange (VEX) Information, developed by a community of industry and government experts with the goal to offer some guidance and structure for the software security world, including the large and growing global…

Read more →

US sanctions Russian accused of laundering Ryuk ransomware funds

The U.S. government has sanctioned a Russian national for allegedly laundering millions of dollars worth of victim ransom payments on behalf of individuals linked to the notorious Ryuk ransomware group. According to an announcement from the U.S. Treasury’s Office of…

Read more →

Palo Alto to Acquire Talon, Intensifying Competition in Cloud Data Security

Technology powerhouse Palo Alto Networks is officially on a billion-dollar shopping spree in the cloud data security space. The post Palo Alto to Acquire Talon, Intensifying Competition in Cloud Data Security  appeared first on SecurityWeek. This article has been indexed…

Read more →