The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware…
Tag: EN
QEMU Emulator Exploited as Tunneling Tool to Breach Company Network
Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed “large company” to connect to their infrastructure. While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink…
Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the…
Empowering women and transforming economies globally through inclusive partnerships
Learn more about four of Cisco’s partners – Living Goods, One Acre Fund, Solar Sister, and Trickle Up – who helped us exceed our One Billion Lives Impacted goal by providing people, especially women, with equitable access to the knowledge,…
What Happened in Cybersecurity in 2023: A Summary of Security Incidents, Vulnerability Information, and Cybersecurity Trends
The year 2023 witnessed a dynamic and complex cybersecurity landscape, with various security incidents, vulnerabilities, and trends emerging and evolving. Today, we released the 2023 Annual Security Incident Observation Report, based on our security incident data recorded in 2023. This…
NIS2: 3.Establish a cybersecurity framework
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the 3rd step in implementing the requirements of the directive is to establish a cybersecurity framework. If you haven’t read what a cybersecurity framework means, then you should read article: https://www.sorinmustaca.com/demystifying-cybersecurity-terms-policy-standard-procedure-controls-framework/ . Establishing a…
100% Surge in Malicious Emails Bypassing Secure Email Gateways
The frequency of malicious emails successfully circumventing Secure Email Gateways (SEGs) has doubled in the past year. This surge highlights the evolving sophistication of cyber threats and the challenges organizations face in protecting digital assets. According to Cofense’s analysis, a malicious email bypasses SEGs every minute, signifying a relentless assault on corporate defenses. The…
CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers…
Google Engineer Arrested for Stealing AI Tech Secrets
A Google engineer has been arrested for stealing trade secrets, particularly those related to artificial intelligence (AI) technology. Linwei Ding, also known as Leon Ding, is a 38-year-old software engineer and resident of Newark, California. A federal grand jury has…
March 2024 Patch Tuesday forecast: A popular framework updated
We’re almost at our third Patch Tuesday and wrapping up the first quarter 2024. Time flies by! Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support. The February 2024 Patch Tuesday…
How new and old security threats keep persisting
Security leaders recognize that the pattern of buying new tech and the frantic state of find-fix vulnerability management is not working, according to Cymulate. Security leaders take proactive approach to cybersecurity Rather than waiting for the next big cyberattack and…
Immediate AI risks and tomorrow’s dangers
“At the most basic level, AI has given malicious attackers superpowers,” Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb. These superpowers are most evident in the growing impact of fishing, smishing and…
Understanding Types of Cloud Malware and Effective Defense Strategies
In recent years, as businesses and individuals increasingly rely on cloud computing services for storage, collaboration, and data processing, cyber-criminals have adapted their tactics to target cloud environments. Cloud malware poses a significant threat to the security and integrity of…
Play ransomware leaks Swiss government data comprising sensitive information
In a resurgence of cyber threats, the notorious PLAY Ransomware gang has once again captured headlines. Following an update from the FBI, which identified the Play ransomware gang as responsible for targeting more than 300 organizations, the gang is now…
Securing the future: Addressing cybersecurity challenges in the education sector
In this Help Net Security video, Kory Daniels, CISO at Trustwave, shines a light on the impact the current threat environment can have for both universities and students. Key findings from a recent Trustwave report include: – 1.8 million devices…
Leveraging AI and automation for enhanced cloud communication security
In this Help Net Security interview, Sanjay Macwan, CIO and CISO at Vonage, addresses emerging threats to cloud communications and the role of AI and automation in cybersecurity. What emerging threats to cloud communications are you most concerned about, and…
Top 4 Essential Strategies for Securing APIs To Block Compromised Tokens
Government bodies are clamping down heavily on institutions and organizations that handle sensitive customer data. For APIs, tokens are used to authenticate users. We live in an era dominated by cloud-native and cloud-first solutions that rely on these services to…
OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA)
MITRE now offers an open-source version of its Aviation Risk Identification and Assessment (ARIA) software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. ARIA suite The first prototype…
Font security ‘still a Helvetica of a problem’ says Australian graphics outfit Canva
Who knew that unzipping a font archive could unleash a malicious file Online graphic design platform Canva went looking for security problems in fonts, and found three – in “strange places.”… This article has been indexed from The Register –…
New infosec products of the week: March 8, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Check Point, Delinea, Pentera, and Sentra. Delinea Privilege Control for Servers enforces least privilege principles on critical systems In Privilege Control for Servers, session recording…