π¦Ώ You definitely don't want to play: Squid Game-themed malware is here π¦Ώ
π Read
via "Tech Republic".
The stakes may not be as high as in the hit Netflix show, but you could still lose your data or identity if you fail to follow the rules for dodging the latest brand of pop-culture-themed scams.π Read
via "Tech Republic".
TechRepublic
You definitely don't want to play: Squid Game-themed malware is here
The stakes may not be as high as in the hit Netflix show, but you could still lose your data or identity if you fail to follow the rules for dodging the latest brand of pop-culture-themed scams.
β Lazarus Attackers Turn to the IT Supply Chain β
π Read
via "Threat Post".
Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.π Read
via "Threat Post".
Threat Post
Lazarus Attackers Turn to the IT Supply Chain
Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
π΄ Cybersecurity Talent Gap Narrows as Workforce Grows π΄
π Read
via "Dark Reading".
Job satisfaction and salaries have both increased for cybersecurity professionals, as younger workers seek specific training to prepare for a cybersecurity career.π Read
via "Dark Reading".
Dark Reading
Cybersecurity Talent Gap Narrows as Workforce Grows
Job satisfaction and salaries have both increased for cybersecurity professionals, as younger workers seek specific training to prepare for a cybersecurity career.
π΄ CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead π΄
π Read
via "Dark Reading".
As an expert on elections, her appointment speaks to the Agencyβs dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.π Read
via "Dark Reading".
Dark Reading
CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead
As an expert on elections, her appointment speaks to the Agencyβs dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.
π΄ Gas Stations in Iran Downed by Cyberattack π΄
π Read
via "Dark Reading".
Unknown attackers hijacked gasoline pump machines and defaced them with a message that reportedly included a phone number for Supreme Leader Ayatollah Ali Khamenei's office.π Read
via "Dark Reading".
Dark Reading
Gas Stations in Iran Downed by Cyberattack
Unknown attackers hijacked gasoline pump machines and defaced them with a message that reportedly included a phone number for Supreme Leader Ayatollah Ali Khamenei's office.
π΄ IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Los Angeles π΄
π Read
via "Dark Reading".
IBM collaborates with Boston Dynamics, Cisco, Palo Alto Networks and Turnium Technology Group to help equip businesses in next phase of digital transformation.π Read
via "Dark Reading".
Dark Reading
IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Losβ¦
IBM collaborates with Boston Dynamics, Cisco, Palo Alto Networks and Turnium Technology Group to help equip businesses in next phase of digital transformation.
π΄ Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats π΄
π Read
via "Dark Reading".
Following demand from viewers, cybercriminals are not shy in taking advantage of fansβ eagerness to watch the show, with well-known fraud schemes hitting the web.π Read
via "Dark Reading".
Dark Reading
Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats
Following demand from viewers, cybercriminals are not shy in taking advantage of fansβ eagerness to watch the show, with well-known fraud schemes hitting the web.
β Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure β
π Read
via "Threat Post".
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.π Read
via "Threat Post".
Threat Post
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.
βΌ CVE-2019-3556 βΌ
π Read
via "National Vulnerability Database".
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.π Read
via "National Vulnerability Database".
π΄ North Korea's Lazarus Group Turns to Supply Chain Attacks π΄
π Read
via "Dark Reading".
State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.π Read
via "Dark Reading".
Dark Reading
North Korea's Lazarus Group Turns to Supply Chain Attacks
State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.
β SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike β
π Read
via "Threat Post".
Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.π Read
via "Threat Post".
Threat Post
SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike
SquirrelWaffle, a new malware loader, is mal-spamming malicious Microsoft Office documents to deliver Qakbot malware and the penetration-testing tool Cobalt Strike β two of the most common threats regularly observed targeting organizations around the world.β¦
π΄ Free Tool Helps Security Teams Measure Their API Attack Surface π΄
π Read
via "Dark Reading".
Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.π Read
via "Dark Reading".
Dark Reading
Free Tool Helps Security Teams Measure Their API Attack Surface
Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.
βΌ CVE-2021-23877 βΌ
π Read
via "National Vulnerability Database".
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22864 βΌ
π Read
via "National Vulnerability Database".
A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41866 βΌ
π Read
via "National Vulnerability Database".
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.π Read
via "National Vulnerability Database".
β Cyber Attack Cripples Iranian Fuel Distribution Network β
π Read
via "Threat Post".
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens.π Read
via "Threat Post".
Threat Post
Cyberattack Cripples Iranian Fuel Distribution Network
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens.
ποΈ Attack the block β How a security researcher cracked 70% of urban WiFi networks in one hit ποΈ
π Read
via "The Daily Swig".
A new attack takes advantage of weak WiFi passwordsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Attack the block β How a security researcher cracked 70% of urban WiFi networks in one hit
A new attack takes advantage of weak WiFi passwords
π΄ Identity-Focused Security Controls Prevail π΄
π Read
via "Dark Reading".
How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map.π Read
via "Dark Reading".
Dark Reading
Identity-Focused Security Controls Prevail
How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map.
π΄ Annual Cyber Risk Survey Finds Businesses Are Sharpening Their Focus on Cybersecurity but Also Reveals Much Room for Improvement in Building Cyber-Resilience π΄
π Read
via "Dark Reading".
This year's survey features the highest percentage of cyber insurance buyers since the beginning of the survey 11 years ago.π Read
via "Dark Reading".
Dark Reading
Annual Cyber Risk Survey Finds Businesses Are Sharpening Their Focus on Cybersecurity but Also Reveals Much Room for Improvementβ¦
This year's survey features the highest percentage of cyber insurance buyers since the beginning of the survey 11 years ago.
π΄ Cynerio Launches IoT Attack Detection and Response Module for Healthcare IoT Devices π΄
π Read
via "Dark Reading".
Module helps hospitals identify, contain, and mitigate threats on devices exhibiting malicious or suspicious behavior.π Read
via "Dark Reading".
Dark Reading
Cynerio Launches IoT Attack Detection and Response Module for Healthcare IoT Devices
Module helps hospitals identify, contain, and mitigate threats on devices exhibiting malicious or suspicious behavior.
π΄ Onfido Acquires EYN to Provide Acoustic-Based Liveness Detection π΄
π Read
via "Dark Reading".
Technology will be incorporated into Onfidoβs Real Identity Platform.π Read
via "Dark Reading".
Dark Reading
Onfido Acquires EYN to Provide Acoustic-Based Liveness Detection
Technology will be incorporated into Onfidoβs Real Identity Platform.