Chief Information Security Officers (CISOs) hold a critical and challenging role in today’s rapidly evolving cybersecurity landscape. Here are the common security challenges CISOs face. As organizations increasingly rely on technology to drive their operations, CISOs face complex security challenges…
Chinese Hackers Hijack Software Updates to Install Malware Since 2005
In order to obtain unauthorized access and control, hackers take advantage of software vulnerabilities by manipulating updates. By corrupting the updates, hackers can disseminate malware, compromise user data, and build backdoors for future attacks. This enables hackers to compromise a…
Watch out, experts warn of a critical flaw in Jenkins
Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. Jenkins is the most popular open source automation server; it is maintained by CloudBees and the Jenkins community. The automation server helps developers build, test and deploy…
GitLab Arbitrary File Write Vulnerability (CVE-2024-0402) Alert
Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed an arbitrary file write vulnerability (CVE-2024-0402) in GitLab Community Edition (CE) and Enterprise Edition (EE). Due to path traversal issues, authenticated attackers can copy files to…
Collaboration Achievement: NSFOCUS and China University of Geosciences Article Secures Spotlight in Acclaimed Journal TIFS
In a recent achievement, the paper BABD: A Bitcoin Address Behavior Dataset for Pattern Analysis, a collaboration between the NSFOCUS research team and Professor Ren Wei’s team at the Computer School of China University of Geosciences, has been featured in…
Malicious Ads on Google Target Chinese Users with Fake Messaging Apps
Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. “The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where…
Data Privacy Week: Companies are Banning Generative AI Due to Privacy Risks
Cisco found that privacy and data security risks have led to over a quarter of organizations banning generative AI, at least temporarily, while a majority have instituted controls. This article has been indexed from www.infosecurity-magazine.com.
Nozomi Unveils Wireless Security Sensor for OT, IoT Environments
Nozomi Networks extends its offering with Guardian Air, a security sensor designed to help organizations detect wireless threats in OT and IoT. The post Nozomi Unveils Wireless Security Sensor for OT, IoT Environments appeared first on SecurityWeek.
Guide: The Best Cybersecurity Conferences and Events of 2024
There is no doubt that our world has never seen as much data as what… The post Guide: The Best Cybersecurity Conferences and Events of 2024 appeared first on Security Boulevard.
Pwn2Own Automotive 2024 Day 2 – Tesla hacked again
Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of the Pwn2Own Automotive 2024 hacking competition. White hat hackers from the Synacktiv Team (@Synacktiv) compromised the Tesla infotainment system on the second day of the Pwn2Own Automotive…
Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive
Participants have earned more than $1.3 million for hacking Teslas, EV chargers and infotainment systems at Pwn2Own Automotive. The post Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive appeared first on SecurityWeek.
Everything you need to know about the SEC Form 8-K
You may have heard more about the SEC Form 8-K recently due to changes that went into effect on Dec 16, 2023. From the SEC’s press release: The new rules will require registrants to disclose on the new Item 1.05…
Controversy Surrounds TFL’s Alleged Data Fraud and Hefty Penalties
Citizens residing in the European Union are facing challenges in settling fines sent by Transport for London (TFL), with penalties ranging from £1000 to £6000 or more. The concern lies not only in the imposed fines but also in the…
Top 10 Ways to Avoid Cybersecurity Misconfigurations
In the ever-evolving landscape of digital threats, cybersecurity misconfigurations have emerged as a significant vulnerability that can expose organizations to serious risks. Ensuring the security of your systems and networks requires proactive measures to prevent misconfigurations. Here are the top…
What makes ransomware victims less likely to pay up?
There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more. University of Twente researcher Tom Meurs and his colleagues wanted to know which factors influence victims to pay the ransom…
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it’s currently beginning to notify them. The development comes a day after Hewlett Packard…
Longer passwords aren’t safe from intensive cracking efforts
88% of organizations still use passwords as their primary method of authentication, according to Specops Software. The report found that 31.1 million breached passwords had over 16 characters, showing longer passwords aren’t safe from being cracked. 40,000 admin portal accounts…
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems…
Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after Dunaev…
New infosec products of the week: January 26, 2024
Here’s a look at the most interesting products from the past week, featuring releases from 1Kosmos, Atakama, Onfido, Regula, Searchlight Cyber, Seceon, and Veriti. Onfido Compliance Suite simplifies local and global identity verification Onfido’s Compliance Suite introduces Qualified Electronic Signature…