Cybersecurity Awareness Month: Listen up – CYBERSECURITY FIRST!
via "Naked Security".
Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!
Banking scam uses Docusign phish to thieve 2FA codes
via "Naked Security".
This scam is obviously inapplicable to 999 people in every 1000... but there are LOTS of 1-in-1000 people in the world!
999 people in 1000 will know this is a phish straight off the bat. But for 1 in 1000 it will be plausible at first sight…
Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks
via "Naked Security".
Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.
Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?
via "Naked Security".
Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.
FBI Raids Chinese Point-of-Sale Giant PAX Technology
via "Krebs on Security".
U.S. federal investigators today raided the U.S. offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations.
CVE-2021-35499
via "National Vulnerability Database".
The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below.
DoJ & Europol Arrest 150 in Disruption of DarkNet Drug Operation
via "Dark Reading".
Operation Dark HunTor targeted opioid traffickers on the DarkNet, leading to the seizure of weapons, drugs, and $31 million.
Are Baby Boomers More Vulnerable Online Than Younger Generations? You Might Be Surprised
via "Dark Reading".
Growing up with computers and the Internet doesn't necessarily convey all the advantages often attributed to younger users.
Why the Next-Generation of Application Security Is Needed
via "Threat Post".
New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.
You definitely don't want to play: Squid Game-themed malware is here
via "Tech Republic".
The stakes may not be as high as in the hit Netflix show, but you could still lose your data or identity if you fail to follow the rules for dodging the latest brand of pop-culture-themed scams.
Lazarus Attackers Turn to the IT Supply Chain
via "Threat Post".
Kaspersky researchers saw the North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
Cybersecurity Talent Gap Narrows as Workforce Grows
via "Dark Reading".
Job satisfaction and salaries have both increased for cybersecurity professionals, as younger workers seek specific training to prepare for a cybersecurity career.
CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead
via "Dark Reading".
As an expert on elections, her appointment speaks to the Agency's dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.
Gas Stations in Iran Downed by Cyberattack
via "Dark Reading".
Unknown attackers hijacked gasoline pump machines and defaced them with a message that reportedly included a phone number for Supreme Leader Ayatollah Ali Khamenei's office.
IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Los Angeles
via "Dark Reading".
IBM collaborates with Boston Dynamics, Cisco, Palo Alto Networks and Turnium Technology Group to help equip businesses in next phase of digital transformation.
Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats
via "Dark Reading".
Following demand from viewers, cybercriminals are not shy in taking advantage of fans' eagerness to watch the show, with well-known fraud schemes hitting the web.
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
via "Threat Post".
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.
CVE-2019-3556
via "National Vulnerability Database".
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.
North Korea's Lazarus Group Turns to Supply Chain Attacks
via "Dark Reading".
State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.
SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike
via "Threat Post".
Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.
SquirrelWaffle, a new malware loader, is mal-spamming malicious Microsoft Office documents to deliver Qakbot malware and the penetration-testing tool Cobalt Strike – two of the most common threats regularly observed targeting organizations around the world.…
Free Tool Helps Security Teams Measure Their API Attack Surface
via "Dark Reading".
Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.